CVE-2019-10173 xstream API If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands
CVEID:CVE-2019-10173
**DESCRIPTION:**xstream API could allow a remote attacker to execute arbitrary commands on the system, caused by insecure XML deserialization. By sending a specially-crafted data, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/164187 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
UCD - IBM UrbanCode Deploy | 6.2.7.4 |
UCD - IBM UrbanCode Deploy | 6.2.7.3 |
UCD - IBM UrbanCode Deploy | 7.0.4.0 |
UCD - IBM UrbanCode Deploy | 7.0.3.0 |
UCD - IBM UrbanCode Deploy | All |
Upgrade to 6.2.7.9, 7.0.5.4, 7.1.1.0 or later.
None