2306 matches found
CVE-2020-4481
IBM UrbanCode Deploy (UCD) versions affected: 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0. Description: vulnerable to an XML External Entity (XXE) attack when processing XML data, allowing a remote attacker to expose sensitive information or consume memory resources. Root cause: XXE processing in UCD'...
CVE-2020-4481
IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181848...
IBM UrbanCode Deploy Code Issue Vulnerability
IBM UrbanCode Deploy (UCD) is a set of application deployment automation tools from IBM in the United States. The tool is based on an application deployment automation management information model and uses remote agent technology to deploy complex applications in different environments, su...
Security Bulletin: CVE-2020-4481 HTTP properties vulnerable to an XXE attack
Summary HTTP properties are vulnerable to an XXE attack. This could allow files from the server host to be extracted. Vulnerability Details CVEID: CVE-2020-4481 DESCRIPTION: IBM UrbanCode Deploy UCD is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote...
Security Bulletin: CVE-2009-2625 CVE-2012-0881 CVE-2013-4002 CVE-2014-0107 Multiple Xml handling Issues in xerces and xalan
Summary CVE-2009-2625 CVE-2012-0881 CVE-2013-4002 CVE-2014-0107 Multiple Xml handling Issues in xerces and xalan Vulnerability Details CVEID: CVE-2009-2625 DESCRIPTION: Sun Java Runtime Environment JRE is vulnerable to a denial of service, caused by an error in Apache Xerces2 Java. A remote...
Security Bulletin: CVE-2014-3577 HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name
Summary CVE-2014-3577 HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name Vulnerability Details CVEID: CVE-2014-3577 DESCRIPTION: Apache HttpComponents could allow a remote attacker to conduct spoofing...
Security Bulletin: CVE-2020-4202 IBM UrbanCode Deploy (UCD) could allow an authenticated user to impersonate another user if the server is configured to enable Distributed Front End (DFE).
Summary IBM UrbanCode Deploy UCD could allow an authenticated user to impersonate another user if the server is configured to enable Distributed Front End DFE. Vulnerability Details CVEID: CVE-2020-4202 DESCRIPTION: IBM UrbanCode Deploy UCD could allow an authenticated user to impersonate another...
Security Bulletin: CVE-2019-4666 IBM UrbanCode Deploy (UCD) could allow a local user to obtain sensitive information by unmasking certain secure values in documents.
Summary IBM UrbanCode Deploy UCD could allow a local user to obtain sensitive information by unmasking certain secure values in documents. Vulnerability Details CVEID: CVE-2019-4666 DESCRIPTION: IBM UrbanCode Deploy UCD could allow a local user to obtain sensitive information by unmasking certain...
Security Bulletin: CVE-2019-4668 Pattern integration passwords stored in db without current encryption
Summary The password for pattern integrations is stored in the db without current encryption. Vulnerability Details CVEID: CVE-2019-4668 DESCRIPTION: IBM UrbanCode Deploy UCD stores user credentials in plain clear text which can be read by a local user. CVSS Base score: 6.2 CVSS Temporal Score...
Security Bulletin: CVE-2020-4260 Secure properties can be revealed using a generic process
Summary IBM UrbanCode Deploy UCD could allow a user with special permissions to obtain sensitive information via generic processes. Vulnerability Details CVEID: CVE-2020-4260 DESCRIPTION: IBM UrbanCode Deploy UCD could allow a user with special permissions to obtain sensitive information via...
Security Bulletin: CVE-2020-4260 SOME SECURE PROPERTIES CAN BE REVEALED VIA GENERIC PROCESSES
Summary CVE-2020-4260 SECURE PROPERTIES CAN BE REVEALED VIA GENERIC PROCESSES. Some secure properties can be revealed through specially configured generic processes. Vulnerability Details CVEID: CVE-2020-4260 DESCRIPTION: IBM UrbanCode Deploy UCD 7.0.5 could allow a user with special permission...
Security Bulletin: CVE-2019-4667 Lack of Built in HSTS option
Summary Lack of Built in HSTS option in IBM UrbanCode Deploy UCD Vulnerability Details CVEID: CVE-2019-4667 DESCRIPTION: IBM UrbanCode Deploy UCD could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker cou...
Security Bulletin: HTTP Trace Method is enabled
Summary HTTP Trace Method is enabled Vulnerability Details Third Party Entry: PSIRT-ADV0017246 DESCRIPTION: Created from Advisory: ADV0017246 CVSS Base score: 5.3 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products and Versions Affected Products| Versions ---|--- UCD - IBM...
Security Bulletin: CVE-2019-0199 The HTTP/2 implementation in embedded Apache Tomcat Denial of Service Vulnerability
Summary UrbanCode Deploy UCD: The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for...
CVE-2020-14470
In Octopus Deploy 2018.8.0 through 2019.x before 2019.12.2, an authenticated user with could trigger a deployment that leaks the Helm Chart repository password...
Default credentials
In Octopus Deploy 2018.8.0 through 2019.x before 2019.12.2, an authenticated user with could trigger a deployment that leaks the Helm Chart repository password...
CVE-2020-14470
In Octopus Deploy, versions 2018.8.0 through 2019.x before 2019.12.2 are affected by CVE-2020-14470. An authenticated user could trigger a deployment that leaks the Helm Chart repository password. Root cause details are not fully enumerated in the provided documents, but the vulnerability is link...
CVE-2020-13266
Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and later through 13.0.1 allows users to update permissions of other users' deploy keys under certain conditions...