586 matches found
CVE-2023-40376 IBM UrbanCode Deploy (UCD) improper authentication controls
IBM UrbanCode Deploy UCD 7.1 - 7.1.2.12, 7.2 through 7.2.3.5, and 7.3 through 7.3.2.0 under certain configurations could allow an authenticated user to make changes to environment variables due to improper authentication controls. IBM X-Force ID: 263581...
CVE-2023-40376
CVE-2023-40376 affects IBM UrbanCode Deploy (UCD) versions 7.1‑7.3.2.x under certain configurations. The root cause is improper authentication controls that could allow an authenticated user to change environment variables. Impact described by sources: potential unauthorized modifications to envi...
IBM UrbanCode Deploy Authorization Issues Vulnerability
IBM UrbanCode Deploy UCD is a set of application automation deployment tools from International Business Machines IBM. The tool is based on an application deployment automation management information model and uses remote agent technology to automate the deployment of complex applications in...
Security Bulletin: IBM UrbanCode Deploy (UCD) under certain configurations could allow an authenticated user to make changes to environment template due to improper authentication controls.
Summary IBM UrbanCode Deploy UCD under certain configurations could allow an authenticated user to make changes to environment template due to improper authentication controls CVE-2023-40376 Vulnerability Details CVEID:CVE-2023-40376 DESCRIPTION: IBM UrbanCode Deploy UCD under certain...
Security Bulletin: IBM UrbanCode Deploy (UCD) is vulnerable to XML external entity XXE due to Apache Ivy
Summary Apache Ivy may be used by plugins or custom scripts in IBM UrbanCode Deploy UCD. Apache Ivy is vulnerable to a XXE caused by improper handling of XML external entity XXE declarations by the XML parser. CVE-2022-46751 Vulnerability Details CVEID:CVE-2022-46751 DESCRIPTION: Apache Ivy could...
Security Bulletin: IBM UrbanCode Deploy (UCD) is vulnerable to denial of service due to Apache Tomcat (CVE-2023-28709)
Summary Apache Tomcat is used by IBM UrbanCode Deploy UCD for processing web requests. Apache Tomcat is vulnerable to a denial of service, caused by an incomplete fix for CVE-2023-24998 related to the failure to limit the number of request parts to be processed in the file upload function. By...
Security Bulletin: IBM UrbanCode Deploy (UCD) is vulnerable to unsafe deserialization in SnakeYaml (CVE-2022-1471)
Summary SnakeYaml, a component of task execution, could allow an attacker to execute arbitrary code on the system by introducing specially-crafted yaml content. CVE-2022-1471 Vulnerability Details CVEID:CVE-2022-1471 DESCRIPTION: SnakeYaml could allow a remote authenticated attacker to execute...
IBM UrbanCode Deploy Information Disclosure Vulnerability (CNVD-2023-37161)
IBM UrbanCode Deploy UCD is a set of application automation deployment tools from International Business Machines IBM. The tool is based on an application deployment automation management information model, and through remote agent technology, to realize the complex application in different...
CVE-2022-43877
IBM UrbanCode Deploy UCD versions up to 7.3.0.1 could disclose sensitive password information during a manual edit of the agentrelay.properties file. IBM X-Force ID: 240148...
Design/Logic Flaw
IBM UrbanCode Deploy UCD versions up to 7.3.0.1 could disclose sensitive password information during a manual edit of the agentrelay.properties file. IBM X-Force ID: 240148...
CVE-2022-43877 IBM UrbanCode Deploy (UCD) information disclosure
IBM UrbanCode Deploy UCD versions up to 7.3.0.1 could disclose sensitive password information during a manual edit of the agentrelay.properties file. IBM X-Force ID: 240148...
IBM UrbanCode Deploy Security Vulnerability
IBM UrbanCode Deploy UCD is a set of application automation deployment tools from International Business Machines IBM. The tool is based on an application deployment automation management information model, and through remote agent technology, to realize the complex application in different...
Security Bulletin: IBM UrbanCode Deploy (UCD) could disclose sensitive password information if a manual edit of the agentrelay.properties file. (CVE-2022-43877)
Summary After a local edit of an agentrelay.properties configuration file using a plain text value, the value may not automatically be encrypted as expected after restarting the service. Vulnerability Details CVEID:CVE-2022-43877 DESCRIPTION: IBM UrbanCode Deploy UCD could disclose sensitive...
Security Bulletin: IBM UrbanCode Deploy (UCD) is vulnerable to denial of service due to Jettison-json (CVE-2022-45693, CVE-2022-45685)
Summary Jettison-json is used by IBM UrbanCode Deploy UCD for parsing JSON data. A remote authenticated user may cause high memory usage by sending a request containing specially crafted JSON data. CVE-2022-45693, CVE-2022-45685 Vulnerability Details CVEID:CVE-2022-45693 DESCRIPTION: Jettison is...
Security Bulletin: IBM UrbanCode Deploy (UCD) is vulnerable to HTTP response splitting due to Netty (CVE-2022-41915)
Summary Netty is used by IBM UrbanCode Deploy UCD for network communication. An attacker may be able to inject an HTTP/1.1 response header and cause the server to return a split response. CVE-2022-41915 Vulnerability Details CVEID:CVE-2022-41915 DESCRIPTION: Netty is vulnerable to HTTP response...
Security Bulletin: IBM UrbanCode Deploy (UCD) is vulnerable to sensitive information disclosure due to Apache Commons Net (CVE-2021-37533)
Summary Apache Commons Net is used by the included zOS Utility plugin FTP Artifacts step to connect to remote FTP servers. By persuading a victim to connect to a specially-crafted server, an attacker could exploit this vulnerability to obtain information about services running on the private...
Security Bulletin: IBM UrbanCode Deploy (UCD) is vulnerable to denial of service due to Apache Tomcat (CVE-2023-24998)
Summary Apache Tomcat is used by IBM UrbanCode Deploy UCD for processing web requests. Tomcat is vulnerable to a denial of service, caused by not limiting the number of request parts to be processed in the file upload function. By sending a specially-crafted request with a series of uploads, a...