CVE-2020-4483
IBM UrbanCode Deploy UCD 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181857...
CVE-2020-4484
IBM UrbanCode Deploy (UCD) versions affected by CVE-2020-4484 are 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0. The vulnerability, described by the IBM security bulletin, arises from GENERIC PROCESS PROPERTIES NOT BEING TREATED AS SECURE when a process is run through a RUN GENERIC PROCESS STEP, enablin...
CVE-2020-4484
IBM UrbanCode Deploy UCD 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could disclose sensitive information to an authenticated user that could be used in further attacks against the system. IBM X-Force ID: 181858...
CVE-2020-4482
IBM UrbanCode Deploy UCD 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could allow an authenticated user to bypass security. A user with access to a snapshot could apply unauthorized additional statuses via direct REST calls. IBM X-Force ID: 181856...
CVE-2020-4482
IBM UrbanCode Deploy (UCD) versions affected by CVE-2020-4482 include 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0. A security bypass vulnerability exists where an authenticated user with access to a snapshot can call REST endpoints to apply unauthorized additional statuses, effectively bypassing secur...
Security Bulletin: CVE-2020-13935 The payload length in a WebSocket frame was not correctly validated
Summary The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a...
Security Bulletin: CVE-2020-4484 GENERIC PROCESS PROPERTIES ARE NOT TREATED AS SECURE WHEN THE PROCESS IS RUN THROUGH A RUN GENERIC PROCESS STEP
Summary GENERIC PROCESS PROPERTIES ARE NOT TREATED AS SECURE WHEN THE PROCESS IS RUN THROUGH A RUN GENERIC PROCESS STEP Vulnerability Details CVEID: CVE-2020-4484 DESCRIPTION: IBM UrbanCode Deploy UCD could disclose sensitive information to an authenticated user that could be used in further...
Security Bulletin: CVE-2020-4483 Secure property value can be seen in diagnostics bundle and ds_request_audit_entry
Summary Secure property value can be seen in diagnostics bundle and ds_request_audit_entry Vulnerability Details CVEID: CVE-2020-4483 DESCRIPTION: IBM UrbanCode Deploy UCD could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser...
Security Bulletin: CVE-2020-4482 ADD SNAPSHOT STATUS REST CALL DOESN'T CHECK THE USER ROLE
Summary ADD SNAPSHOT STATUS REST CALL DOESN'T CHECK THE USER ROLE BEFORE ADDING THE STATUS TO SNAPSHOT Vulnerability Details CVEID: CVE-2020-4482 DESCRIPTION: IBM UrbanCode Deploy UCD could allow an authenticated user to bypass security. A user with access to a snapshot could apply unauthorized...
Security Bulletin: CVE-2018-11775 TLS hostname verification when using the Apache ActiveMQ Client
Summary TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server. This is now enabled by default. Vulnerability Details CVEID:...
Security Bulletin: CVE-2019-17569, CVE-2020-1935 HTTP Request Smuggling if Tomcat was located behind a reverse proxy
Summary In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a...
Octopus Deploy Input Validation Error Vulnerability
Octopus Deploy is an automation tool for .NET, Java and other application development and deployment from Octopus Deploy Australia. A security vulnerability exists in Octopus Deploy versions prior to 2020.4.2 that allows an attacker to redirect users to an external site via a modified HTTP Host...
CVE-2020-26161
In Octopus Deploy through 2020.4.2, an attacker could redirect users to an external site via a modified HTTP Host header...
Design/Logic Flaw
In Octopus Deploy through 2020.4.2, an attacker could redirect users to an external site via a modified HTTP Host header...
CVE-2020-26161
CVE-2020-26161 affects Octopus Deploy up to version 2020.4.2. The vulnerability arises from a flaw where an attacker could cause a user to be redirected to an external site by supplying a modified HTTP Host header. Multiple connected sources corroborate this description (e.g., Red Hat, CNVD, NVD/...
CVE-2020-27155
An issue was discovered in Octopus Deploy through 2020.4.4. If enabled, the websocket endpoint may allow an untrusted tentacle host to present itself as a trusted one...