Security Bulletin: IBM UrbanCode Deploy (UCD) is susceptible to a Denial of Service vulnerability (CVE-2023-47161)
Summary IBM UrbanCode Deploy UCD may mishandle input validation of an uploaded archive file leading to a denial of service due to resource exhaustion. Vulnerability Details CVEID:CVE-2023-47161 DESCRIPTION: IBM UrbanCode Deploy UCD may mishandle input validation of an uploaded archive file leadin...
Security Bulletin: IBM UrbanCode Deploy (UCD) is susceptible to multiple Apache Tomcat vulnerabilities (CVE-2023-42794, CVE-2023-42795, CVE-2023-44487)
Summary IBM UrbanCode Deploy UCD is susceptible to multiple Apache Tomcat vulnerabilities CVE-2023-42794, CVE-2023-42795, CVE-2023-44487 Vulnerability Details CVEID:CVE-2023-42794 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by accumulation of temporary files on Windows...
Security Bulletin: IBM UrbanCode Deploy (UCD) is affected by an HTTP request smuggling vulnerability in Eclipse Jetty (CVE-2023-40167)
Summary Due to the use of Jetty IBM UrbanCode Deploy UCD is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP/1 request header. By sending a specially crafted request, a remote attacker could exploit this vulnerability to poison the web cache, bypass web application...
Security Bulletin: IBM UrbanCode Deploy (UCD) Agents as a Windows service is vulnerable to a Denial of Service (CVE-2023-42012)
Summary An IBM UrbanCode Deploy UCD Agent installed as a Windows service in a non-standard location could be subject to a denial of service attack by local accounts. Vulnerability Details CVEID:CVE-2023-42012 DESCRIPTION: An IBM UrbanCode Deploy Agent installed as a Windows service in a...
Security Bulletin: IBM UrbanCode Deploy (UCD) could allow a remote attacker to obtain sensitive information (CVE-2023-42013)
Summary IBM UrbanCode Deploy UCD could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. Vulnerability Details CVEID:CVE-2023-42013 DESCRIPTION: IBM...
Security Bulletin: IBM UrbanCode Deploy (UCD) is susceptible to an HTML injection vulnerability (CVE-2023-42015)
Summary IBM UrbanCode Deploy UCD is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. Vulnerability Details CVEID:CVE-2023-42015 DESCRIPTION: IBM UrbanCode Deploy UCD is vulnerable ...
How to delete catalogs created in the "Quick Deploy" interface
This article describes how to delete catalogs created in the "Quick Deploy" interface...
BlackCat Incorporates ‘Munchkin’ into Its Arsenal
Summary The BlackCat ransomware group has introduced a new tool called Munchkin in its operations. This tool employs virtual machines VMs to stealthily deploy encryptors on network devices. Munchkin allows the...
CVE-2023-40376
IBM UrbanCode Deploy UCD 7.1 - 7.1.2.12, 7.2 through 7.2.3.5, and 7.3 through 7.3.2.0 under certain configurations could allow an authenticated user to make changes to environment variables due to improper authentication controls. IBM X-Force ID: 263581...
Authentication flaw
IBM UrbanCode Deploy UCD 7.1 - 7.1.2.12, 7.2 through 7.2.3.5, and 7.3 through 7.3.2.0 under certain configurations could allow an authenticated user to make changes to environment variables due to improper authentication controls. IBM X-Force ID: 263581...
CVE-2023-40376 IBM UrbanCode Deploy (UCD) improper authentication controls
IBM UrbanCode Deploy UCD 7.1 - 7.1.2.12, 7.2 through 7.2.3.5, and 7.3 through 7.3.2.0 under certain configurations could allow an authenticated user to make changes to environment variables due to improper authentication controls. IBM X-Force ID: 263581...
CVE-2023-40376
CVE-2023-40376 affects IBM UrbanCode Deploy (UCD) versions 7.1‑7.3.2.x under certain configurations. The root cause is improper authentication controls that could allow an authenticated user to change environment variables. Impact described by sources: potential unauthorized modifications to envi...
IBM UrbanCode Deploy Authorization Issues Vulnerability
IBM UrbanCode Deploy UCD is a set of application automation deployment tools from International Business Machines IBM. The tool is based on an application deployment automation management information model and uses remote agent technology to automate the deployment of complex applications in...
UBUNTU-CVE-2023-5198
An issue has been discovered in GitLab affecting all versions prior to 16.2.7, all versions starting from 16.3 before 16.3.5, and all versions starting from 16.4 before 16.4.1. It was possible for a removed project member to write to protected branches using deploy keys...
CVE-2023-5198 Incorrect Authorization in GitLab
An issue has been discovered in GitLab affecting all versions prior to 16.2.7, all versions starting from 16.3 before 16.3.5, and all versions starting from 16.4 before 16.4.1. It was possible for a removed project member to write to protected branches using deploy keys...
CVE-2023-5198
Summary: CVE-2023-5198 affects GitLab installations older than 16.2.7, and releases 16.3 before 16.3.5 and 16.4 before 16.4.1. The root cause is an issue where a removed project member could write to protected branches via deploy keys. Affected software: GitLab (versions prior to 16.2.7; 16.3.x b...
CVE-2023-5198
Removed by vendor...