590 matches found

IBM Security Bulletins
added 2023/03/30 7:17 p.m. | 58 views

Security Bulletin: IBM UrbanCode Deploy (UCD) is vulnerable to denial of service due to Jettison-json (CVE-2022-45693, CVE-2022-45685)

Summary Jettison-json is used by IBM UrbanCode Deploy UCD for parsing JSON data. A remote authenticated user may cause high memory usage by sending a request containing specially crafted JSON data. CVE-2022-45693, CVE-2022-45685 Vulnerability Details CVEID:CVE-2022-45693 DESCRIPTION: Jettison is...

CVSS 7.5 | AI score 7.7 | EPSS 0.01395
Exploits 2 | Affected Software 1

IBM Security Bulletins
added 2023/03/30 7:17 p.m. | 30 views

Security Bulletin: IBM UrbanCode Deploy (UCD) is vulnerable to HTTP response splitting due to Netty (CVE-2022-41915)

Summary Netty is used by IBM UrbanCode Deploy UCD for network communication. An attacker may be able to inject HTTP/1.1 response header and cause the server to return a split response. CVE-2022-41915 Vulnerability Details CVEID:CVE-2022-41915 DESCRIPTION: Netty is vulnerable to HTTP response...

CVSS 6.5 | AI score 6.8 | EPSS 0.00885
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2023/03/30 7:16 p.m. | 36 views

Security Bulletin: IBM UrbanCode Deploy (UCD) is vulnerable to sensitive information disclosure due to Apache Commons Net (CVE-2021-37533)

Summary Apache Commons Net is used by the included zOS Utility plugin FTP Artifacts step to connect to remote FTP servers. By persuading a victim to connect to a specially-crafted server, an attacker could exploit this vulnerability to obtain information about services running on the private...

CVSS 6.5 | AI score 6.4 | EPSS 0.01858
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2023/03/30 7:16 p.m. | 80 views

Security Bulletin: IBM UrbanCode Deploy (UCD) is vulnerable to denial of service due to Apache Tomcat (CVE-2023-24998)

Summary Apache Tomcat is used by IBM Urbancode Deploy UCD for processing web requests. Tomcat is vulnerable to a denial of service, caused by not limiting the number of request parts to be processed in the file upload function. By sending a specially-crafted request with a series of uploads, a...

CVSS 7.5 | AI score 7.6 | EPSS 0.46836
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2023/03/30 7:6 p.m. | 35 views

Security Bulletin: IBM UrbanCode Deploy (UCD) is vulnerable to Path Traversal due to Apache Ivy (CVE-2022-37865, CVE-2022-37866)

Summary Apache Ivy is used by IBM UrbanCode Deploy as part of the Agents Apache Groovy scripting home. CVE-2022-37865, CVE-2022-37866 Vulnerability Details CVEID:CVE-2022-37866 DESCRIPTION: Apache Ivy could allow a remote attacker to traverse directories on the system, caused by improper validati...

CVSS 9.1 | AI score 8.1 | EPSS 0.01819
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2023/01/31 4:20 p.m. | 35 views

Security Bulletin: IBM UrbanCode Deploy (UCD) is vulnerable to cross-site scripting (CVE-2022-46771)

Summary IBM UrbanCode Deploy UCD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. Vulnerability Details...

CVSS 4.6 | AI score 4.6 | EPSS 0.00371
Exploits 0 | Affected Software 1

OSV
added 2022/12/20 8:15 p.m. | 1 views

CVE-2022-46771

IBM UrbanCode Deploy UCD 6.2.0.0 through 6.2.7.18, 7.0.5.0 through 7.0.5.13, 7.1.0.0 through 7.1.2.9, 7.2.0.0 through 7.2.3.2 and 7.3.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionalit...

CVSS 4.6 | AI score 5.4 | EPSS 0.00371
Exploits 0 | References 2

NVD
added 2022/12/20 8:15 p.m. | 18 views

CVE-2022-46771

IBM UrbanCode Deploy UCD 6.2.0.0 through 6.2.7.18, 7.0.5.0 through 7.0.5.13, 7.1.0.0 through 7.1.2.9, 7.2.0.0 through 7.2.3.2 and 7.3.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionalit...

CVSS 4.6 | EPSS 0.00371
Exploits 0 | References 2

Prion
added 2022/12/20 8:15 p.m. | 17 views

Cross site scripting

IBM UrbanCode Deploy UCD 6.2.0.0 through 6.2.7.18, 7.0.5.0 through 7.0.5.13, 7.1.0.0 through 7.1.2.9, 7.2.0.0 through 7.2.3.2 and 7.3.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionalit...

CVSS 4.9 | AI score 4.6 | EPSS 0.00371
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2022/12/20 7:40 p.m. | 26 views

CVE-2022-46771 IBM UrbanCode Deploy (UCD) cross-site scripting

IBM UrbanCode Deploy UCD 6.2.0.0 through 6.2.7.18, 7.0.5.0 through 7.0.5.13, 7.1.0.0 through 7.1.2.9, 7.2.0.0 through 7.2.3.2 and 7.3.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionalit...

CVSS 4.6 | AI score 4.7 | EPSS 0.00371
Exploits 0 | References 2

Vulnrichment
added 2022/12/20 7:40 p.m. | 4 views

CVE-2022-46771 IBM UrbanCode Deploy (UCD) cross-site scripting

IBM UrbanCode Deploy UCD 6.2.0.0 through 6.2.7.18, 7.0.5.0 through 7.0.5.13, 7.1.0.0 through 7.1.2.9, 7.2.0.0 through 7.2.3.2 and 7.3.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionalit...

CVSS 4.6 | AI score 4.5 | EPSS 0.00371
Exploits 0 | References 2

CVE
added 2022/12/20 7:40 p.m. | 66 views

CVE-2022-46771

CVE-2022-46771 affects IBM UrbanCode Deploy (UCD) versions 6.2.0.0–6.2.7.18, 7.0.5.0–7.0.5.13, 7.1.0.0–7.1.2.9, 7.2.0.0–7.2.3.2 and 7.3.0.0, with a cross-site scripting vulnerability that can lead to arbitrary JavaScript in the Web UI and potential credentials disclosure within a trusted session....

CVSS 4.6 | AI score 4.5 | EPSS 0.00371
Exploits 0 | References 2 | Affected Software 1

CNNVD
added 2022/12/20 12:0 a.m. | 4 views

IBM UrbanCode Deploy cross-site scripting vulnerability

IBM UrbanCode Deploy (UCD) is a set of application deployment automation tools from International Business Machines (IBM). The tool is based on an application deployment automation management information model and uses remote agent technology to realize the complex application in different...

CVSS 4.6 | AI score 5.5 | EPSS 0.00371
Exploits 0 | References 3

IBM Security Bulletins
added 2022/12/19 7:41 p.m. | 70 views

Security Bulletin: Apache Tomcat is vulnerable to HTTP request smuggling (CVE-2022-42252)

Summary Apache Tomcat is vulnerable to HTTP request smuggling, caused by the failure to reject a request containing an invalid Content-Length header when configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false. By sending a specially-crafted request, an attacker could...

CVSS 7.5 | AI score 7.3 | EPSS 0.01448
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2022/11/28 2:9 p.m. | 63 views

Security Bulletin: IBM UrbanCode Deploy (UCD) is vulnerable to denial of service due to Jettison-json (CVE-2022-40149, CVE-2022-40150)

Summary Jettison-json is used by IBM UrbanCode Deploy UCD for parsing JSON data. A remote authenticated user may cause high memory usage by sending a request containing specially crafted JSON data. CVE-2022-40149, CVE-2022-40150 Vulnerability Details CVEID:CVE-2022-40149 DESCRIPTION: jettison-jso...

CVSS 7.5 | AI score 7 | EPSS 0.01287
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2022/11/28 2:7 p.m. | 64 views

Security Bulletin: IBM UrbanCode Deploy (UCD) Agents on zOS are vulnerable to an arbitrary code execution due to use of Apache Commons Text [CVE-2022-42889]

Summary The zos toolkit installed with agents on zOS includes Apache Commons Text which could allow an attacker to execute arbitrary code on the system, caused by an insecure interpolation defaults flaw. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute...

CVSS 9.8 | AI score 9.9 | EPSS 0.99931
Exploits 41 | Affected Software 1

IBM Security Bulletins
added 2022/11/18 7:32 p.m. | 42 views

Security Bulletin: Apache Tomcat could allow a remote attacker to obtain sensitive information (CVE-2021-43980)

Summary Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by a long standing concurrency flaw in the simplified implementation of blocking reads and writes. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain...

CVSS 3.7 | AI score 5.3 | EPSS 0.01746
Exploits 0 | Affected Software 1

NVD
added 2022/11/17 5:15 p.m. | 14 views

CVE-2022-40751

IBM UrbanCode Deploy UCD 6.2.7.0 through 6.2.7.17, 7.0.0.0 through 7.0.5.12, 7.1.0.0 through 7.1.2.8, and 7.2.0.0 through 7.2.3.1 could allow a user with administrative privileges including "Manage Security" permissions may be able to recover a credential previously saved for performing...

CVSS 4.9 | EPSS 0.00589
Exploits 0 | References 2

OSV
added 2022/11/17 5:15 p.m. | 3 views

CVE-2022-40751

IBM UrbanCode Deploy UCD 6.2.7.0 through 6.2.7.17, 7.0.0.0 through 7.0.5.12, 7.1.0.0 through 7.1.2.8, and 7.2.0.0 through 7.2.3.1 could allow a user with administrative privileges including "Manage Security" permissions may be able to recover a credential previously saved for performing...

CVSS 4.9 | AI score 5.8 | EPSS 0.00589
Exploits 0 | References 2

Prion
added 2022/11/17 5:15 p.m. | 18 views

Code injection

IBM UrbanCode Deploy UCD 6.2.7.0 through 6.2.7.17, 7.0.0.0 through 7.0.5.12, 7.1.0.0 through 7.1.2.8, and 7.2.0.0 through 7.2.3.1 could allow a user with administrative privileges including "Manage Security" permissions may be able to recover a credential previously saved for performing...

CVSS 3.3 | AI score 4.9 | EPSS 0.00589
Exploits 0 | References 2 | Affected Software 1