CVE-2024-22339

CVE-2024-22339 affects IBM UrbanCode Deploy (UCD) and IBM DevOps Deploy, with the root cause being insufficient obfuscation of sensitive values in some log files, leading to potential sensitive information disclosure. Affected products and versions include: UCD 7.0–7.0.5.20, 7.1–7.1.2.16, 7.2–7.2...

CVE-2024-22334 IBM UrbanCode Deploy improper privilege control

IBM UrbanCode Deploy UCD 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type. When deleting a custom security type,...

CVE-2024-22334 IBM UrbanCode Deploy improper privilege control

IBM UrbanCode Deploy UCD 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type. When deleting a custom security type,...

CVE-2024-22334

Summary : CVE-2024-22334 affects IBM UrbanCode Deploy (UCD) and IBM DevOps Deploy, with an incomplete revocation of permissions when deleting a custom security resource type. The issue can cause associated permissions of objects using that type to remain or be misreported, leading to inaccurate p...

CVE-2024-22359

CVE-2024-22359 affects IBM UrbanCode Deploy (UCD) and IBM DevOps Deploy. A cross-site scripting vulnerability exists in the Web UI that can allow embedding arbitrary JavaScript to alter functionality and potentially disclose credentials within a trusted session. Affected versions are UCD 7.0–7.0....

Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) may be susceptible to an Insufficient Session Expiration vulnerability (CVE-2024-22358)

Summary IBM DevOps Deploy / IBM UrbanCode Deploy UCD may not fully invalidate the session after logout which could allow an authenticated user to impersonate another user on the system. Vulnerability Details CVEID:CVE-2024-22358 DESCRIPTION: IBM UrbanCode Deploy UCD does not invalidate session...

Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to a machine-in-the-middle vulnerability (CVE-2023-48795)

Summary OpenSSH is vulnerable to a machine-in-the-middle attack, caused by a flaw in the extension negotiation process in the SSH transport protocol when used with certain OpenSSH extensions. A remote attacker could exploit this vulnerability to launch a machine-in-the-middle attack and strip an...

CVE-2024-22331

IBM UrbanCode Deploy UCD 7.0 through 7.0.5.19, 7.1 through 7.1.2.15, 7.2 through 7.2.3.8, 7.3 through 7.3.2.3, and IBM UrbanCode Deploy UCD - IBM DevOps Deploy 8.0.0.0 could disclose sensitive user information when installing the Windows agent. IBM X-Force ID: 279971...

Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) may be vulnerable to sensitive information disclosure (CVE-2024-22331)

Summary IBM DevOps Deploy / IBM UrbanCode Deploy UCD could disclose sensitive user information when installing the Windows agent as a service. Vulnerability Details CVEID:CVE-2024-22331 DESCRIPTION: IBM UrbanCode Deploy UCD could disclose sensitive user information when installing the Windows...

Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) may be vulnerable to HTTP request smuggling (CVE-2023-46589)

Summary Due to the use of Apache Tomcat, IBM DevOps Deploy / IBM UrbanCode Deploy UCD is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP trailer headers. By sending a specially crafted HTTPS trailer header, an attacker could exploit this vulnerability to poison the we...

CVE-2024-23550

HCL DevOps Deploy / HCL Launch UCD could disclose sensitive user information when installing the Windows agent...

CVE-2024-23550

HCL DevOps Deploy / HCL Launch UCD could disclose sensitive user information when installing the Windows agent...

CVE-2024-23550 HCL DevOps Deploy / HCL Launch (UCD) may be vulnerable to sensitive information disclosure

HCL DevOps Deploy / HCL Launch UCD could disclose sensitive user information when installing the Windows agent...

CVE-2024-23550

CVE-2024-23550 affects HCL DevOps Deploy / HCL Launch (UCD). The Windows agent installer could disclose sensitive user information, with confidentiality impact described as High in the CVSS data. The provided documents do not specify the underlying root cause details or a fixed version. Public so...

CVE-2024-23550 HCL DevOps Deploy / HCL Launch (UCD) may be vulnerable to sensitive information disclosure

HCL DevOps Deploy / HCL Launch UCD could disclose sensitive user information when installing the Windows agent...

HCL Technologies HCL Launch Security Breach

HCL Technologies HCL Launch is a versatile, enterprise-grade continuous delivery automation software from HCL Technologies, Inc. for handling the most complex deployment processes in DevOps. A security vulnerability exists in HCL DevOps Deploy and HCL Launch UCD that stems from the ability to...