CVE-2016-2942
IBM UrbanCode Deploy could allow an authenticated attacker with special permissions to craft a script on the server in a way that will cause processes to run on a remote UCD agent machine...
CVE-2016-6068
IBM UrbanCode Deploy could allow an authenticated user with access to the REST endpoints to access API and CLI getResource secured role properties...
CVE-2016-8938
IBM UrbanCode Deploy could allow a user to execute code using a specially crafted file upload that would replace code on the server. This code could be executed on the UCD agent machines that host customer's production applications...
CVE-2016-9008
IBM UrbanCode Deploy could allow a malicious user to access the Agent Relay ActiveMQ Broker JMX interface and run plugins on the agent...
CVE-2016-2942
CVE-2016-2942 affects IBM UrbanCode Deploy. An authenticated user with special permissions can craft a script on the server that causes processes to run on a remote UCD agent machine. The IBM advisory lists affected versions (6.0–6.2.x) and provides fixes: upgrade to 6.2.3 (for 6.2.x) or 6.1.3.4 ...
CVE-2016-0320
CVE-2016-0320 affects IBM UrbanCode Deploy. Description: an authenticated user could modify UCD objects via multiple REST endpoints that do not properly authorize edits, potentially altering behavior of legitimately triggered processes. Affected versions include UrbanCode Deploy 6.0 through 6.2.x...
CVE-2016-9008
IBM UrbanCode Deploy contains a vulnerability where a malicious user could access the Agent Relay ActiveMQ Broker JMX interface and run plugins on the agent. Public details indicate a network-exposed vector with no authentication, high integrity impact, but the provided sources do not specify a f...
CVE-2016-8938
CVE-2016-8938 affects IBM UrbanCode Deploy (UCD). The vulnerability allows remote code execution via a crafted file upload that replaces server code, with potential execution on UCD agent machines hosting production apps. IBM’s advisory lists affected versions (e.g., 6.0.x, 6.1.x, 6.2.x lines) an...
CVE-2016-6068
IBM UrbanCode Deploy is affected by CVE-2016-6068. The IBM Security Bulletin confirms that an authenticated user with REST endpoint access could access API and CLI getResource secured role properties. Affected versions include 6.0.x through 6.2.x series listed in the bulletin, with remediation vi...
CVE-2016-0320
IBM UrbanCode Deploy could allow an authenticated user to modify UCD objects due to multiple REST endpoints not properly authorizing users editing UCD objects. This could affect the behavior of legitimately triggered processes...
CVE-2016-2941
The CVE-2016-2941 entry impacts IBM UrbanCode Deploy. Affected behavior is that during step execution, the product creates temporary files which may contain sensitive information, including passwords, that could be read by a local user. The documents do not provide specifics on vulnerable version...
CVE-2016-2941
IBM UrbanCode Deploy creates temporary files during step execution that could contain sensitive information including passwords that could be read by a local user...
IBM UrbanCode Deploy Security Bypass Vulnerability
IBM UrbanCode Deploy (UCD) is a set of application deployment automation tools from IBM in the United States. The tool is based on an application deployment automation management information model and uses remote agent technology to realize the complex application in different environments, su...
IBM UrbanCode Deploy Remote Code Execution Vulnerability
IBM UrbanCode Deploy is a set of application deployment automation tools from IBM in the United States. A remote code execution vulnerability exists in IBM UrbanCode Deploy. An attacker can exploit the vulnerability to execute arbitrary code in the context of the affected application...
IBM UrbanCode Deploy Information Disclosure Vulnerability (CNVD-2017-00171)
IBM UrbanCode Deploy is a set of application deployment automation tools from IBM in the United States. IBM UrbanCode Deploy has an information disclosure vulnerability. An attacker could exploit the vulnerability to access sensitive information...
GitLab: Every user can delete public deploy keys
Vulnerability details: A GitLab instance can have public deploy keys that project admins can use for their project. An attacker can delete these public keys used by other users to deploy code. Impact: Deleting these shared deploy keys may stop users from deploying their code. Proof of concept: Make sure...
CVE-2016-2994
Cross-site scripting (XSS) vulnerability in IBM UrbanCode Deploy 6.2.x before 6.2.1.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...