2 matches found
Security Bulletin: Exposed Authentication Token in IBM UrbanCode Deploy (CVE-2015-4964)
Summary In previous versions of IBM UrbanCode Deploy, the authentication token is displayed in the execution logs. In certain steps that are run using the admin user permissions, this can allow non-administrator users to impersonate the admin user. In other processes, this can allow other users t...
CVE-2015-4964
IBM UrbanCode Deploy (UCD) vulnerable in versions 6.0 and 6.0.1.x before 6.0.1.10, 6.1.1.x before 6.1.1.8, and 6.1.2. Affected users who can create and execute processes can have the admin AUTH_TOKEN value written to execution logs, enabling privilege escalation by a non-admin user who can run st...