Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to object recycling and reuse vulnerability in Apache Tomcat (CVE-2024-52318)

Summary IBM DevOps Deploy / IBM UrbanCode Deploy UCD is susceptible to incorrect object recycling and reuse vulnerability in Apache Tomcat. This issue affects Apache Tomcat: 11.0.0, 10.1.31, 9.0.96. Vulnerability Details CVEID:CVE-2024-52318 DESCRIPTION: Incorrect object recycling and reuse...

Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is affected by a Denial of Service Vulnerability in Jetty (CVE-2024-8184)

Summary Eclipse Jetty is vulnerable to a denial of service, caused by an out of memory flaw in the ThreadLimitHandler.getRemote function. By sending specially crafted requests, a remote attacker could exploit this vulnerability to exhaust the server memory and results in a denial of service...

Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to Insertion of Sensitive Information into Log File vulnerability (CVE-2024-45091)

Summary IBM DevOps Deploy / IBM UrbanCode Deploy UCD stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs. Vulnerability Details CVEID:CVE-2024-45091 DESCRIPTION: IBM UrbanCode Deploy UCD stores potentially sensitive information...

Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is vulnerable to HTML injection (CVE-2024-51472)

Summary IBM DevOps Deploy / IBM UrbanCode Deploy UCD is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. Vulnerability Details CVEID:CVE-2024-51472 DESCRIPTION: IBM DevOps Deploy /...

Security Bulletin:  IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is affected by a Denial of Service Vulnerability in Apache Tomcat (CVE-2024-38286)

Summary Apache Tomcat is used by IBM DevOps Deploy / IBM UrbanCode Deploy UCD as part of its web interface. Apache Tomcat is vulnerable to a denial of service, caused by the improper handling of the TLS handshake process under certain configurations. By sending specially crafted requests, a remot...

CVE-2024-45091

IBM UrbanCode Deploy UCD 7.0 through 7.0.5.24, 7.1 through 7.1.2.10, and 7.2 through 7.2.3.13 stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs...

CVE-2024-45091

IBM UrbanCode Deploy UCD 7.0 through 7.0.5.24, 7.1 through 7.1.2.10, and 7.2 through 7.2.3.13 stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs...

CVE-2024-45091 IBM UrbanCode Deploy information disclosure

IBM UrbanCode Deploy UCD 7.0 through 7.0.5.24, 7.1 through 7.1.2.10, and 7.2 through 7.2.3.13 stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs...

CVE-2024-45091

IBM UrbanCode Deploy (UCD) versions 7.0–7.0.5.24, 7.1–7.1.2.10, and 7.2–7.2.3.13 store potentially sensitive information in HTTP request log files, which could be read by a local user with access to logs. Root cause: sensitive information is written to log files. Impact: confidentiality of data i...

CVE-2024-45091 IBM UrbanCode Deploy information disclosure

IBM UrbanCode Deploy UCD 7.0 through 7.0.5.24, 7.1 through 7.1.2.10, and 7.2 through 7.2.3.13 stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs...

IBM UrbanCode Deploy 日志信息泄露漏洞

IBM UrbanCode Deploy IBM UCD is a suite of application automation deployment tools from International Business Machines IBM. The tool is based on an application deployment automation management information model, and through remote agent technology, to realize the automation of complex applicatio...

CVE-2024-51472

IBM UrbanCode Deploy UCD 7.2 through 7.2.3.13, 7.3 through 7.3.2.8, and IBM DevOps Deploy 8.0 through 8.0.1.3 are vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure...

CVE-2024-51472 IBM DevOps Deploy / IBM UrbanCode Deploy HTML injection

IBM UrbanCode Deploy UCD 7.2 through 7.2.3.13, 7.3 through 7.3.2.8, and IBM DevOps Deploy 8.0 through 8.0.1.3 are vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure...

CVE-2024-51472 IBM DevOps Deploy / IBM UrbanCode Deploy HTML injection

IBM UrbanCode Deploy UCD 7.2 through 7.2.3.13, 7.3 through 7.3.2.8, and IBM DevOps Deploy 8.0 through 8.0.1.3 are vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure...

CVE-2024-51472

CVE-2024-51472 affects IBM UrbanCode Deploy (UCD) versions 7.2 (up to 7.2.3.13), 7.3 (up to 7.3.2.8), and IBM DevOps Deploy 8.0–8.0.1.3. The issue is HTML injection in the Web UI that may disclose sensitive information. Remediation is to upgrade to one of: 7.2.3.14, 7.3.2.9, 8.0.1.4, or 8.1.0.0 o...

IBM UrbanCode Deploy Cross-Site Scripting Vulnerability (CNVD-2024-26496)

IBM UrbanCode Deploy UCD is a set of application automation deployment tools from International Business Machines IBM. The tool is based on an application deployment automation management information model, and through remote agent technology, to realize the complex application in different...

Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is affected by a Denial of Service Vulnerability in Netty (CVE-2024-29025)

Summary Netty is vulnerable to a denial of service, caused by a flaw when using the HttpPostRequestDecoder to decode a form. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. Vulnerability Details CVEID:CVE-2024-2902...

Security Bulletin:  IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is affected by a Denial of Service Vulnerability in Nimbus-JOSE-JWT (CVE-2023-52428)

Summary Connect2id Nimbus-JOSE-JWT is used by IBM DevOps Deploy / IBM UrbanCode Deploy UCD as part of the openid authentication options. Connect2id Nimbus-JOSE-JWT is vulnerable to a denial of service, caused by improper validation of user requests by the PasswordBasedDecrypter PBKDF2 component. ...

CVE-2024-28781

IBM UrbanCode Deploy UCD 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4, and 8.0 through 8.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality...

IBM UrbanCode Deploy 跨站脚本漏洞

IBM UrbanCode Deploy UCD is a set of application automation deployment tools from International Business Machines IBM. The tool is based on an application deployment automation management information model, and through remote agent technology, to realize the complex application in different...