176 matches found
Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is affected by a Denial of Service Vulnerability in Jetty (CVE-2024-8184)
Summary: Eclipse Jetty is vulnerable to a denial of service, caused by an out of memory flaw in the ThreadLimitHandler.getRemote function. By sending specially crafted requests, a remote attacker could exploit this vulnerability to exhaust the server memory, resulting in a denial of service...
CVE-2024-51472
IBM UrbanCode Deploy (UCD) 7.2 through 7.2.3.13, 7.3 through 7.3.2.8, and IBM DevOps Deploy 8.0 through 8.0.1.3 are vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI, potentially leading to sensitive information disclosure...
CVE-2024-51472
CVE-2024-51472 affects IBM UrbanCode Deploy (UCD) versions 7.2 (up to 7.2.3.13), 7.3 (up to 7.3.2.8), and IBM DevOps Deploy 8.0–8.0.1.3. The issue is HTML injection in the Web UI that may disclose sensitive information. Remediation is to upgrade to one of: 7.2.3.14, 7.3.2.9, 8.0.1.4, or 8.1.0.0 o...
CVE-2024-51472 IBM DevOps Deploy / IBM UrbanCode Deploy HTML injection
IBM UrbanCode Deploy (UCD) 7.2 through 7.2.3.13, 7.3 through 7.3.2.8, and IBM DevOps Deploy 8.0 through 8.0.1.3 are vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI, potentially leading to sensitive information disclosure...
IBM UrbanCode Deploy Security Vulnerability
IBM UrbanCode Deploy (IBM UCD) is a suite of application automation deployment tools from International Business Machines (IBM). The tool is based on an application deployment automation management information model and uses remote agent technology to automate the deployment of complex applications i...
CVE-2024-42195
HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI, potentially leading to sensitive information disclosure...
CVE-2024-42195 HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection
HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI, potentially leading to sensitive information disclosure...
CVE-2024-42195
CVE-2024-42195 concerns HCL DevOps Deploy / HCL Launch, where HTML injection in the Web UI could allow embedding arbitrary HTML tags and potentially disclose sensitive information. The connected documents corroborate the vulnerability type (HTML injection) and affected software name, and note tha...
HCL Launch and HCL DevOps Deploy Security Vulnerability
HCL Launch and HCL DevOps Deploy are both products of HCL Corporation, U.S.A. HCL Launch is a multi-functional, enterprise-grade continuous delivery automation software used to handle the most complex deployment processes in DevOps. HCL DevOps Deploy is an application. Can be mapped to your...
PT-2024-29790 · HCL · HCL DevOps Deploy +1
Name of the Vulnerable Software and Affected Versions: HCL DevOps Deploy / HCL Launch (affected versions not specified). Description: The issue allows a user to embed arbitrary HTML tags in the Web UI, potentially leading to sensitive information disclosure. This is due to an HTML injection...
Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is affected by a Denial of Service Vulnerability in Netty (CVE-2024-29025)
Summary: Netty is vulnerable to a denial of service, caused by a flaw when using the HttpPostRequestDecoder to decode a form. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. Vulnerability Details: CVEID: CVE-2024-2902...
Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is affected by a Denial of Service Vulnerability in Nimbus-JOSE-JWT (CVE-2023-52428)
Summary: Connect2id Nimbus-JOSE-JWT is used by IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) as part of the OpenID authentication options. Connect2id Nimbus-JOSE-JWT is vulnerable to a denial of service, caused by improper validation of user requests by the PasswordBasedDecrypter PBKDF2 component. ...
Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to a Cross-Site Scripting vulnerability (CVE-2024-28781)
Summary: IBM UrbanCode Deploy (UCD) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. Vulnerability Details...
CVE-2024-23558
HCL DevOps Deploy / HCL Launch does not invalidate the session after logout, which could allow an authenticated user to impersonate another user on the system...
CVE-2024-23558
The CVE-2024-23558 entry concerns HCL DevOps Deploy / HCL Launch where logout does not invalidate the user session, enabling an authenticated user to impersonate another user on the system. Connected documents confirm the issue origin as a session invalidation failure after logout, with CVSS deta...
CVE-2024-23558 HCL DevOps Deploy / HCL Launch does not invalidate all session authentication cookies after logout
HCL DevOps Deploy / HCL Launch does not invalidate the session after logout, which could allow an authenticated user to impersonate another user on the system...