2314 matches found

Positive Technologies
added 2022/12/20 12:0 a.m. · 3 views

PT-2022-27979 · IBM · IBM UrbanCode Deploy

Name of the Vulnerable Software and Affected Versions: IBM UrbanCode Deploy versions 6.2.0.0 through 6.2.7.18; IBM UrbanCode Deploy versions 7.0.5.0 through 7.0.5.13; IBM UrbanCode Deploy versions 7.1.0.0 through 7.1.2.9; IBM UrbanCode Deploy versions 7.2.0.0 through 7.2.3.2; IBM UrbanCode Deploy...

CVSS 4.6 · AI score 4.8 · EPSS 0.00371
Exploits 0 · References 5

CNNVD
added 2022/12/20 12:0 a.m. · 4 views

IBM UrbanCode Deploy Cross-Site Scripting Vulnerability

IBM UrbanCode Deploy (UCD) is a set of application deployment automation tools from International Business Machines (IBM). The tool is based on an application deployment automation management information model, and through remote agent technology, to realize the complex application in different...

CVSS 4.6 · AI score 5.5 · EPSS 0.00371
Exploits 0 · References 3

Positive Technologies
added 2022/12/20 12:0 a.m. · 13 views

PT-2022-24505 · IBM · BigFix WebUI

Name of the Vulnerable Software and Affected Versions: BigFix WebUI (affected versions not specified). Description: The issue concerns BigFix WebUI non-master operators who are missing necessary controls. These operators can modify the relevance of fixlets or deploy fixlets from the BES Support...

CVSS 6.4 · AI score 5.5 · EPSS 0.00384
Exploits 0 · References 4

IBM Security Bulletins
added 2022/12/19 7:41 p.m. · 70 views

Security Bulletin: Apache Tomcat is vulnerable to HTTP request smuggling (CVE-2022-42252)

Summary: Apache Tomcat is vulnerable to HTTP request smuggling, caused by the failure to reject a request containing an invalid Content-Length header when configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false. By sending a specially-crafted request, an attacker could...

CVSS 7.5 · AI score 7.3 · EPSS 0.01448
Exploits 0 · Affected Software 1

Tenable Nessus
added 2022/12/01 12:0 a.m. · 46 views

FreeBSD : Gitlab -- Multiple Vulnerabilities (3cde510a-7135-11ed-a28b-bff032704f00)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 3cde510a-7135-11ed-a28b-bff032704f00 advisory. - Gitlab reports: DAST API scanner exposes Authorization headers in vulnerabilities Group IP...

CVSS 9.3 · AI score 6.2 · EPSS 0.01074
Exploits 9 · References 12

IBM Security Bulletins
added 2022/11/28 2:9 p.m. · 63 views

Security Bulletin: IBM UrbanCode Deploy (UCD) is vulnerable to denial of service due to Jettison-json (CVE-2022-40149, CVE-2022-40150)

Summary: Jettison-json is used by IBM UrbanCode Deploy (UCD) for parsing JSON data. A remote authenticated user may cause high memory usage by sending a request containing specially crafted JSON data (CVE-2022-40149, CVE-2022-40150). Vulnerability Details: CVEID: CVE-2022-40149. DESCRIPTION: jettison-jso...

CVSS 7.5 · AI score 7 · EPSS 0.01287
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2022/11/28 2:7 p.m. · 64 views

Security Bulletin: IBM UrbanCode Deploy (UCD) Agents on zOS are vulnerable to an arbitrary code execution due to use of Apache Commons Text [CVE-2022-42889]

Summary: The zos toolkit installed with agents on zOS includes Apache Commons Text which could allow an attacker to execute arbitrary code on the system, caused by an insecure interpolation defaults flaw. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute...

CVSS 9.8 · AI score 9.9 · EPSS 0.99931
Exploits 41 · Affected Software 1

IBM Security Bulletins
added 2022/11/18 7:32 p.m. · 42 views

Security Bulletin: Apache Tomcat could allow a remote attacker to obtain sensitive information (CVE-2021-43980)

Summary: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by a long standing concurrency flaw in the simplified implementation of blocking reads and writes. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain...

CVSS 3.7 · AI score 5.3 · EPSS 0.01746
Exploits 0 · Affected Software 1

NVD
added 2022/11/17 5:15 p.m. · 14 views

CVE-2022-40751

IBM UrbanCode Deploy (UCD) 6.2.7.0 through 6.2.7.17, 7.0.0.0 through 7.0.5.12, 7.1.0.0 through 7.1.2.8, and 7.2.0.0 through 7.2.3.1 could allow a user with administrative privileges including "Manage Security" permissions to recover a credential previously saved for performing...

CVSS 4.9 · EPSS 0.00589
Exploits 0 · References 2

OSV
added 2022/11/17 5:15 p.m. · 3 views

CVE-2022-40751

IBM UrbanCode Deploy (UCD) 6.2.7.0 through 6.2.7.17, 7.0.0.0 through 7.0.5.12, 7.1.0.0 through 7.1.2.8, and 7.2.0.0 through 7.2.3.1 could allow a user with administrative privileges including "Manage Security" permissions to recover a credential previously saved for performing...

CVSS 4.9 · AI score 5.8 · EPSS 0.00589
Exploits 0 · References 2

Prion
added 2022/11/17 5:15 p.m. · 18 views

Code injection

IBM UrbanCode Deploy (UCD) 6.2.7.0 through 6.2.7.17, 7.0.0.0 through 7.0.5.12, 7.1.0.0 through 7.1.2.8, and 7.2.0.0 through 7.2.3.1 could allow a user with administrative privileges including "Manage Security" permissions to recover a credential previously saved for performing...

CVSS 3.3 · AI score 4.9 · EPSS 0.00589
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2022/11/17 4:36 p.m. · 22 views

CVE-2022-40751 IBM UrbanCode Deploy information disclosure

IBM UrbanCode Deploy (UCD) 6.2.7.0 through 6.2.7.17, 7.0.0.0 through 7.0.5.12, 7.1.0.0 through 7.1.2.8, and 7.2.0.0 through 7.2.3.1 could allow a user with administrative privileges including "Manage Security" permissions to recover a credential previously saved for performing...

CVSS 4.9 · AI score 5.1 · EPSS 0.00589
Exploits 0 · References 2

Vulnrichment
added 2022/11/17 4:36 p.m. · 4 views

CVE-2022-40751 IBM UrbanCode Deploy information disclosure

IBM UrbanCode Deploy (UCD) 6.2.7.0 through 6.2.7.17, 7.0.0.0 through 7.0.5.12, 7.1.0.0 through 7.1.2.8, and 7.2.0.0 through 7.2.3.1 could allow a user with administrative privileges including "Manage Security" permissions to recover a credential previously saved for performing...

CVSS 4.9 · AI score 4.9 · EPSS 0.00589
Exploits 0 · References 2

CVE
added 2022/11/17 4:36 p.m. · 70 views

CVE-2022-40751

CVE-2022-40751 affects IBM UrbanCode Deploy (UCD) versions: 6.2.7.0–6.2.7.17; 7.0.0.0–7.0.5.12; 7.1.0.0–7.1.2.8; 7.2.0.0–7.2.3.1. An administrator with "Manage Security" permissions could recover credentials saved for LDAP authentication, exposing sensitive data. IBM X-Force ID: 236601. The fixed...

CVSS 4.9 · AI score 4.9 · EPSS 0.00589
Exploits 0 · References 2 · Affected Software 1

CNNVD
added 2022/11/17 12:0 a.m. · 2 views

IBM UrbanCode Deploy Security Vulnerability

IBM UrbanCode Deploy (UCD) is a set of application deployment automation tools from International Business Machines (IBM). The tool is based on an application deployment automation management information model, and through remote agent technology, to realize the automation of complex applications in...

CVSS 4.9 · AI score 5.5 · EPSS 0.00589
Exploits 0 · References 3

NVD
added 2022/10/17 4:15 p.m. · 17 views

CVE-2022-2533

An issue has been discovered in GitLab affecting all versions starting from 12.10 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. GitLab was not performing correct authentication with some Package Registries when IP address restrictions...

CVSS 7.4 · EPSS 0.00652
Exploits 0 · References 2

Prion
added 2022/10/17 4:15 p.m. · 23 views

Design/Logic Flaw

Lack of IP address checking in GitLab EE affecting all versions from 14.2 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows a group member to bypass IP restrictions when using a deploy token...

CVSS 5 · AI score 5.2 · EPSS 0.00439
Exploits 0 · References 2 · Affected Software 1

UbuntuCve
added 2022/10/17 4:15 p.m. · 24 views

CVE-2022-2533

An issue has been discovered in GitLab affecting all versions starting from 12.10 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. GitLab was not performing correct authentication with some Package Registries when IP address restrictions...

CVSS 7.4 · AI score 6.9 · EPSS 0.00652
Exploits 0 · References 2

OSV
added 2022/10/17 4:15 p.m. · 1 views

UBUNTU-CVE-2022-2533

An issue has been discovered in GitLab affecting all versions starting from 12.10 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. GitLab was not performing correct authentication with some Package Registries when IP address restrictions...

CVSS 7.4 · AI score 7 · EPSS 0.00652
Exploits 0 · References 3

OSV
added 2022/10/17 4:15 p.m. · 0 views

UBUNTU-CVE-2022-3286

Lack of IP address checking in GitLab EE affecting all versions from 14.2 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows a group member to bypass IP restrictions when using a deploy token...

CVSS 5.3 · AI score 6 · EPSS 0.00439
Exploits 0 · References 2