CVE-2023-42015 IBM UrbanCode Deploy HTML injection

IBM UrbanCode Deploy UCD 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. IBM X-Force ID: 265512...

IBM UrbanCode Deploy 输入验证错误漏洞

IBM UrbanCode Deploy UCD is a set of application automation deployment tools from International Business Machines IBM. The tool is based on an application deployment automation management information model, and through remote agent technology, to realize the complex application in different...

IBM UrbanCode Deploy 输入验证错误漏洞

IBM UrbanCode Deploy UCD is a set of application automation deployment tools from International Business Machines IBM. The tool is based on an application deployment automation management information model, and through remote agent technology, to realize the complex application in different...

IBM UrbanCode Deploy 输入验证错误漏洞

IBM UrbanCode Deploy UCD is a set of application automation deployment tools from International Business Machines IBM. The tool is based on an application deployment automation management information model, and through remote agent technology, to realize the complex application in different...

PT-2023-30337 · Ibm · Ibm Urbancode Deploy

Name of the Vulnerable Software and Affected Versions: IBM UrbanCode Deploy UCD versions 7.1 through 7.1.2.14 IBM UrbanCode Deploy UCD versions 7.2 through 7.2.3.7 IBM UrbanCode Deploy UCD versions 7.3 through 7.3.2.2 Description: The issue is related to the mishandling of input validation of an...

IBM UrbanCode Deploy Security Vulnerabilities

IBM UrbanCode Deploy UCD is a set of application automation deployment tools from International Business Machines IBM. The tool is based on an application deployment automation management information model, and through remote agent technology, to realize the complex application in different...

Security Bulletin: IBM UrbanCode Deploy (UCD) is vulnerable to a HTTP tequest smuggling vulnerability (CVE-2023-45648)

Summary Apache Tomcat is vulnerable to HTTP request smuggling, caused by improper parsing of HTTP trailer headers. By sending a specially crafted invalid trailer header, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct X...

Security Bulletin: IBM UrbanCode Deploy (UCD) is susceptible to multiple Eclipse Jetty vulnerabilities (CVE-2023-36478, CVE-2023-44487)

Summary IBM UrbanCode Deploy UCD is susceptible to multiple Eclipse Jetty denial of service vulnerabilities. Vulnerability Details CVEID:CVE-2023-36478 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an integer overflow and buffer allocation in MetaDataBuilder.checkSize...

Security Bulletin: IBM UrbanCode Deploy (UCD) is susceptible to a Denial of Serivce vulnerability (CVE-2023-47161)

Summary IBM UrbanCode Deploy UCD may mishandle input validation of an uploaded archive file leading to a denial of service due to resource exhaustion. Vulnerability Details CVEID:CVE-2023-47161 DESCRIPTION: IBM UrbanCode Deploy UCD may mishandle input validation of an uploaded archive file leadin...

Security Bulletin: IBM UrbanCode Deploy (UCD) is susceptible to multiple Apache Tomcat vulnerabilities (CVE-2023-42794, CVE-2023-42795, CVE-2023-44487)

Summary IBM UrbanCode Deploy UCD is susceptible to multiple Apache Tomcat vulnerabilities CVE-2023-42794, CVE-2023-42795, CVE-2023-44487 Vulnerability Details CVEID:CVE-2023-42794 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by accumulation of temporary files on Windows...

Security Bulletin: IBM UrbanCode Deploy (UCD) is affected by a HTTP request smuggling Vulnerability in Eclipse Jetty (CVE-2023-40167)

Summary Due to the use of Jetty IBM UrbanCode Deploy UCD is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP/1 request header. By sending a specially crafted request, a remote attacker could exploit this vulnerability to poison the web cache, bypass web application...

Security Bulletin: IBM UrbanCode Deploy (UCD) Agents as a windows service is vulnerable to a Denial Of Service (CVE-2023-42012)

Summary An IBM UrbanCode Deploy UCD Agent installed as a Windows service in a non-standard location could be subject to a denial of service attack by local accounts. Vulnerability Details CVEID:CVE-2023-42012 DESCRIPTION: An IBM UrbanCode Deploy Agent installed as a Windows service in a...

Security Bulletin: IBM UrbanCode Deploy (UCD) could allow a remote attacker to obtain sensitive information (CVE-2023-42013)

Summary IBM UrbanCode Deploy UCD could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. Vulnerability Details CVEID:CVE-2023-42013 DESCRIPTION: IBM...

Security Bulletin: IBM UrbanCode Deploy (UCD) is susceptible to an HTML injection vulnerability (CVE-2023-42015)

Summary IBM UrbanCode Deploy UCD is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. Vulnerability Details CVEID:CVE-2023-42015 DESCRIPTION: IBM UrbanCode Deploy UCD is vulnerable ...

How to delete catalogs created in the "Quick Deploy" interface

This article describes how to delete catalogs created in the "Quick Deploy" interface...

BlackCat Incorporates ‘Munchkin’ into Its Arsenal

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The BlackCat ransomware group has introduced a new tool called Munchkin in its operations. This tool employs virtual machines VMs to stealthily deploy encryptors on network devices. Munchkin allows the...

CVE-2023-40376

IBM UrbanCode Deploy UCD 7.1 - 7.1.2.12, 7.2 through 7.2.3.5, and 7.3 through 7.3.2.0 under certain configurations could allow an authenticated user to make changes to environment variables due to improper authentication controls. IBM X-Force ID: 263581...

CVE-2023-40376

IBM UrbanCode Deploy UCD 7.1 - 7.1.2.12, 7.2 through 7.2.3.5, and 7.3 through 7.3.2.0 under certain configurations could allow an authenticated user to make changes to environment variables due to improper authentication controls. IBM X-Force ID: 263581...

Authentication flaw

IBM UrbanCode Deploy UCD 7.1 - 7.1.2.12, 7.2 through 7.2.3.5, and 7.3 through 7.3.2.0 under certain configurations could allow an authenticated user to make changes to environment variables due to improper authentication controls. IBM X-Force ID: 263581...

CVE-2023-40376 IBM UrbanCode Deploy (UCD) improper authentication controls

IBM UrbanCode Deploy UCD 7.1 - 7.1.2.12, 7.2 through 7.2.3.5, and 7.3 through 7.3.2.0 under certain configurations could allow an authenticated user to make changes to environment variables due to improper authentication controls. IBM X-Force ID: 263581...