Lucene search
+L

48 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/09/02 6:52 p.m.10 views

Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is affected by a Denial Of Service Vulnerability in Apache Tomcat (CVE-2025-52520)

Summary IBM DevOps Deploy / IBM UrbanCode Deploy UCD is affected by a Denial Of Service Vulnerability in Apache Tomcat. This issue affects Apache Tomcat: 11.0.8, 10.1.42, 9.0.106. Vulnerability Details CVEID:CVE-2025-52520 DESCRIPTION: For some unlikely configurations of multipart upload, an...

7.5CVSS6.5AI score0.0196EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2025/09/02 6:52 p.m.15 views

CVE-2025-36162 IBM DevOps Deploy / IBM UrbanCode Deploy information disclosure

IBM DevOps Deploy / IBM UrbanCode Deploy UCD 8.1 before 8.1.2.2 could allow an authenticated user to obtain sensitive information about configuration on the system...

4.3CVSS0.00214EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/03/27 12:0 a.m.3 views

IBM UrbanCode Deploy(IBM UCD)和IBM DevOps Deploy 日志信息泄露漏洞

IBM UrbanCode Deploy IBM UCD and IBM DevOps Deploy are both products of International Business Machines IBM, U.S.A. IBM UrbanCode Deploy is a suite of application automation deployment tools. The tool is based on an application deployment automation management information model, and through remot...

5.5CVSS6AI score0.00163EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/16 4:20 a.m.12 views

CVE-2024-55904

IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 / IBM UrbanCode Deploy 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.9 could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially craft...

7.2CVSS7.4AI score0.00667EPSS
Exploits0References1
NVD
NVD
added 2025/02/14 4:15 a.m.14 views

CVE-2024-55904

IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 / IBM UrbanCode Deploy 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.9 could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially craft...

7.2CVSS0.00667EPSS
Exploits0References1
OSV
OSV
added 2025/02/14 4:15 a.m.5 views

CVE-2024-55904

IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 / IBM UrbanCode Deploy 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.9 could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially craft...

7.2CVSS6.1AI score0.00667EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/02/14 3:23 a.m.11 views

CVE-2024-55904 IBM DevOps Deploy / IBM UrbanCode Deploy command injection

IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 / IBM UrbanCode Deploy 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.9 could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially craft...

7.2CVSS7.5AI score0.00667EPSS
Exploits0References1
OSV
OSV
added 2025/02/08 5:15 p.m.8 views

CVE-2024-54176

IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 and IBM UrbanCode Deploy UCD 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14 and 7.3 through 7.3.2 could allow an authenticated user to obtain sensitive information about other users on the system due to missing...

6.5CVSS5.8AI score
Exploits0References1
NVD
NVD
added 2025/02/08 5:15 p.m.26 views

CVE-2024-54176

IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 and IBM UrbanCode Deploy UCD 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14 and 7.3 through 7.3.2 could allow an authenticated user to obtain sensitive information about other users on the system due to missing...

6.5CVSS0.00268EPSS
Exploits0References1
CVE
CVE
added 2025/02/08 4:15 p.m.61 views

CVE-2024-54176

CVE-2024-54176 affects IBM UrbanCode Deploy (UCD) and IBM DevOps Deploy. The vulnerability arises from missing authorization for a function, enabling an authenticated user to obtain sensitive information about other users on the system (CWE-306). Affected are UCD versions 7.0–7.0.5.25, 7.1–7.1.2....

6.5CVSS6AI score0.00268EPSS
Exploits0References1Affected Software2
Positive Technologies
Positive Technologies
added 2025/02/08 12:0 a.m.6 views

PT-2025-6023 · Ibm · Ibm Urbancode Deploy +1

Name of the Vulnerable Software and Affected Versions: IBM DevOps Deploy versions 8.0 through 8.0.1.4 IBM DevOps Deploy versions 8.1 through 8.1.0.0 IBM UrbanCode Deploy versions 7.0 through 7.0.5.25 IBM UrbanCode Deploy versions 7.1 through 7.1.2.21 IBM UrbanCode Deploy versions 7.2 through...

6.5CVSS5.8AI score0.00268EPSS
Exploits0References8
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.20 views

Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is vulnerable to HTML injection (CVE-2024-51472)

Summary IBM DevOps Deploy / IBM UrbanCode Deploy UCD is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. Vulnerability Details CVEID:CVE-2024-51472 DESCRIPTION: IBM DevOps Deploy /...

3.1CVSS6.4AI score0.00249EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.19 views

Security Bulletin:  IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is affected by a Denial of Service Vulnerability in Apache Tomcat (CVE-2024-38286)

Summary Apache Tomcat is used by IBM DevOps Deploy / IBM UrbanCode Deploy UCD as part of its web interface. Apache Tomcat is vulnerable to a denial of service, caused by the improper handling of the TLS handshake process under certain configurations. By sending specially crafted requests, a remot...

8.6CVSS6.3AI score0.01702EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.32 views

Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is affected by a Denial of Service Vulnerability in Jetty (CVE-2024-8184)

Summary Eclipse Jetty is vulnerable to a denial of service, caused by an out of memory flaw in the ThreadLimitHandler.getRemote function. By sending specially crafted requests, a remote attacker could exploit this vulnerability to exhaust the server memory and results in a denial of service...

6.5CVSS6.4AI score0.01037EPSS
Exploits1Affected Software1
OSV
OSV
added 2025/01/06 5:15 p.m.3 views

CVE-2024-51472

IBM UrbanCode Deploy UCD 7.2 through 7.2.3.13, 7.3 through 7.3.2.8, and IBM DevOps Deploy 8.0 through 8.0.1.3 are vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure...

3.1CVSS5.9AI score
Exploits0References1
NVD
NVD
added 2025/01/06 5:15 p.m.30 views

CVE-2024-51472

IBM UrbanCode Deploy UCD 7.2 through 7.2.3.13, 7.3 through 7.3.2.8, and IBM DevOps Deploy 8.0 through 8.0.1.3 are vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure...

3.1CVSS0.00249EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/20 2:44 p.m.35 views

Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is affected by a Denial of Service Vulnerability in Netty (CVE-2024-29025)

Summary Netty is vulnerable to a denial of service, caused by a flaw when using the HttpPostRequestDecoder to decode a form. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. Vulnerability Details CVEID:CVE-2024-2902...

5.3CVSS5.6AI score0.0138EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/20 2:44 p.m.32 views

Security Bulletin:  IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is affected by a Denial of Service Vulnerability in Nimbus-JOSE-JWT (CVE-2023-52428)

Summary Connect2id Nimbus-JOSE-JWT is used by IBM DevOps Deploy / IBM UrbanCode Deploy UCD as part of the openid authentication options. Connect2id Nimbus-JOSE-JWT is vulnerable to a denial of service, caused by improper validation of user requests by the PasswordBasedDecrypter PBKDF2 component. ...

7.5CVSS9.3AI score0.00814EPSS
Exploits0Affected Software1
NVD
NVD
added 2024/04/12 5:17 p.m.25 views

CVE-2024-22358

IBM UrbanCode Deploy UCD 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 28089...

8.8CVSS6.1AI score0.00411EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/04/12 4:53 p.m.22 views

CVE-2024-22358 IBM UrbanCode Deploy session fixation

IBM UrbanCode Deploy UCD 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 28089...

6.3CVSS6.1AI score0.00411EPSS
Exploits0References2
Rows per page
Query Builder