
2314 matches found

CNVD
added 2020/09/01 12:0 a.m. | 2 views

Octopus Deploy Override Vulnerability

Octopus Deploy is an automation tool for .NET, Java and other application development and deployment from Octopus Deploy Australia. A security vulnerability exists in Octopus Deploy 3.4. The vulnerability allows the use of accounts or certificates to configure targets outside the scope of...

4.3 CVSS | 6.9 AI score | 0.00548 EPSS
Exploits 0 | References 1

OSV
added 2020/08/25 7:15 p.m. | 5 views

CVE-2020-16197

An issue was discovered in Octopus Deploy 3.4. A deployment target can be configured with an Account or Certificate that is outside the scope of the deployment target. An authorised user can potentially use a certificate that they are not in scope to use. An authorised user is also able to obtain...

4.3 CVSS | 5.8 AI score | 0.00548 EPSS
Exploits 0 | References 3

Prion
added 2020/08/25 7:15 p.m. | 17 views

Input validation

An issue was discovered in Octopus Deploy 3.4. A deployment target can be configured with an Account or Certificate that is outside the scope of the deployment target. An authorised user can potentially use a certificate that they are not in scope to use. An authorised user is also able to obtain...

4 CVSS | 4.6 AI score | 0.00548 EPSS
Exploits 0 | References 3 | Affected Software 2

Cvelist
added 2020/08/25 6:51 p.m. | 14 views

CVE-2020-16197

An issue was discovered in Octopus Deploy 3.4. A deployment target can be configured with an Account or Certificate that is outside the scope of the deployment target. An authorised user can potentially use a certificate that they are not in scope to use. An authorised user is also able to obtain...

4.5 AI score | 0.00548 EPSS
Exploits 0 | References 3

CVE
added 2020/08/25 6:51 p.m. | 54 views

CVE-2020-16197

CVE-2020-16197 affects Octopus Deploy 3.4. An authorised user can configure a deployment target with an Account or Certificate outside the target’s scope and may use a certificate not in scope. The vulnerability also allows obtaining certificate metadata by associating a certificate with resource...

4.3 CVSS | 4.5 AI score | 0.00548 EPSS
Exploits 0 | References 3 | Affected Software 2

NVD
added 2020/08/05 2:15 p.m. | 10 views

CVE-2020-4481

IBM UrbanCode Deploy UCD 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181848...

8.2 CVSS | 8.1 AI score | 0.02046 EPSS
Exploits 0 | References 2

OSV
added 2020/08/05 2:15 p.m. | 3 views

CVE-2020-4481

IBM UrbanCode Deploy UCD 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181848...

8.2 CVSS | 7.3 AI score | 0.02046 EPSS
Exploits 0 | References 2

Prion
added 2020/08/05 2:15 p.m. | 14 views

Xxe

IBM UrbanCode Deploy UCD 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181848...

6.4 CVSS | 7.9 AI score | 0.02046 EPSS
Exploits 0 | References 2 | Affected Software 1

CVE
added 2020/08/05 1:15 p.m. | 41 views

CVE-2020-4481

IBM UrbanCode Deploy (UCD) versions affected: 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0. Description: vulnerable to an XML External Entity (XXE) attack when processing XML data, allowing a remote attacker to expose sensitive information or consume memory resources. Root cause: XXE processing in UCD'...

8.2 CVSS | 8 AI score | 0.02046 EPSS
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2020/08/05 1:15 p.m. | 14 views

CVE-2020-4481

IBM UrbanCode Deploy UCD 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181848...

8.2 CVSS | 8 AI score | 0.02046 EPSS
Exploits 0 | References 2

CNVD
added 2020/08/05 12:0 a.m. | 2 views

IBM UrbanCode Deploy Code Issue Vulnerability

IBM UrbanCode Deploy UCD is a set of application automation deployment tools from IBM in the United States. The tool is based on an application deployment automation management information model, and through remote agent technology, to realize the complex application in different environments, su...

8.2 CVSS | 6.8 AI score | 0.02046 EPSS
Exploits 0 | References 1

IBM Security Bulletins
added 2020/08/04 6:54 p.m. | 24 views

Security Bulletin: CVE-2020-4481 HTTP properties vulnerable to an XXE attack

Summary HTTP properties are vulnerable to an XXE attack. This could allow files from the server host to be extracted. Vulnerability Details CVEID: CVE-2020-4481 DESCRIPTION: IBM UrbanCode Deploy UCD is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote...

8.2 CVSS | 1.3 AI score | 0.02046 EPSS
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2020/08/04 6:49 p.m. | 48 views

Security Bulletin: CVE-2009-2625 CVE-2012-0881 CVE-2013-4002 CVE-2014-0107 Multiple Xml handling Issues in xerces and xalan

Summary CVE-2009-2625 CVE-2012-0881 CVE-2013-4002 CVE-2014-0107 Multiple Xml handling Issues in xerces and xalan Vulnerability Details CVEID: CVE-2009-2625 DESCRIPTION: Sun Java Runtime Environment JRE is vulnerable to a denial of service, caused by an error in Apache Xerces2 Java. A remote...

7.8 CVSS | 1.1 AI score | 0.3038 EPSS
Exploits 4 | Affected Software 1

IBM Security Bulletins
added 2020/08/04 6:41 p.m. | 35 views

Security Bulletin: CVE-2014-3577 HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name

Summary CVE-2014-3577 HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name Vulnerability Details CVEID: CVE-2014-3577 DESCRIPTION: Apache HttpComponents could allow a remote attacker to conduct spoofing...

5.8 CVSS | 1.3 AI score | 0.09149 EPSS
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2020/07/24 9:16 p.m. | 19 views

Security Bulletin: CVE-2019-4666 IBM UrbanCode Deploy (UCD) could allow a local user to obtain sensitive information by unmasking certain secure values in documents.

Summary IBM UrbanCode Deploy UCD could allow a local user to obtain sensitive information by unmasking certain secure values in documents. Vulnerability Details CVEID: CVE-2019-4666 DESCRIPTION: IBM UrbanCode Deploy UCD could allow a local user to obtain sensitive information by unmasking certain...

2.3 CVSS | 0.5 AI score | 0.00324 EPSS
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2020/07/24 9:16 p.m. | 20 views

Security Bulletin: CVE-2020-4260 Secure properties can be revealed using a generic process

Summary IBM UrbanCode Deploy UCD could allow a user with special permissions to obtain sensitive information via generic processes. Vulnerability Details CVEID: CVE-2020-4260 DESCRIPTION: IBM UrbanCode Deploy UCD could allow a user with special permissions to obtain sensitive information via...

4.3 CVSS | 1.1 AI score | 0.00914 EPSS
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2020/07/24 9:16 p.m. | 21 views

Security Bulletin: CVE-2019-4667 Lack of Built in HSTS option

Summary Lack of Built in HSTS option in IBM Urbancode Deploy UCD Vulnerability Details CVEID: CVE-2019-4667 DESCRIPTION: IBM UrbanCode Deploy UCD could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker cou...

5.9 CVSS | 0.7 AI score | 0.00814 EPSS
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2020/07/24 9:16 p.m. | 17 views

Security Bulletin: CVE-2019-4668 Pattern integration passwords stored in db without current encryption

Summary The password for pattern integrations is stored in the db without current encryption. Vulnerability Details CVEID: CVE-2019-4668 DESCRIPTION: IBM UrbanCode Deploy UCD stores user credentials in plain in clear text which can be read by a local user. CVSS Base score: 6.2 CVSS Temporal Score...

6.2 CVSS | 1.2 AI score | 0.00297 EPSS
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2020/07/24 9:16 p.m. | 10 views

Security Bulletin: HTTP Trace Method is enabled

Summary HTTP Trace Method is enabled Vulnerability Details Third Party Entry: PSIRT-ADV0017246 DESCRIPTION: Created from Advisory: ADV0017246 CVSS Base score: 5.3 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products and Versions Affected Products| Versions ---|--- UCD - IBM...

0.7 AI score
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2020/07/24 9:16 p.m. | 19 views

Security Bulletin: CVE-2020-4202 IBM UrbanCode Deploy (UCD) could allow an authenticated user to impersonate another user if the server is configured to enable Distributed Front End (DFE).

Summary IBM UrbanCode Deploy UCD could allow an authenticated user to impersonate another user if the server is configured to enable Distributed Front End DFE. Vulnerability Details CVEID: CVE-2020-4202 DESCRIPTION: IBM UrbanCode Deploy UCD could allow an authenticated user to impersonate another...

8.8 CVSS | 1.8 AI score | 0.00968 EPSS
Exploits 0 | Affected Software 1