590 matches found
Security Bulletin: IBM UrbanCode Deploy (UCD) is vulnerable to denial of service due to Jettison-json (CVE-2022-45693, CVE-2022-45685)
Summary Jettison-json is used by IBM UrbanCode Deploy UCD for parsing JSON data. A remote authenticated user may cause high memory usage by sending a request containing specially crafted JSON data. CVE-2022-45693, CVE-2022-45685 Vulnerability Details CVEID:CVE-2022-45693 DESCRIPTION: Jettison is...
Security Bulletin: IBM UrbanCode Deploy (UCD) is vulnerable to HTTP response splitting due to Netty (CVE-2022-41915)
Summary Netty is used by IBM UrbanCode Deploy UCD for network communication. An attacker may be able to inject an HTTP/1.1 response header and cause the server to return a split response. CVE-2022-41915 Vulnerability Details CVEID:CVE-2022-41915 DESCRIPTION: Netty is vulnerable to HTTP response...
Security Bulletin: IBM UrbanCode Deploy (UCD) is vulnerable to sensitive information disclosure due to Apache Commons Net (CVE-2021-37533)
Summary Apache Commons Net is used by the included zOS Utility plugin FTP Artifacts step to connect to remote FTP servers. By persuading a victim to connect to a specially-crafted server, an attacker could exploit this vulnerability to obtain information about services running on the private...
Security Bulletin: IBM UrbanCode Deploy (UCD) is vulnerable to denial of service due to Apache Tomcat (CVE-2023-24998)
Summary Apache Tomcat is used by IBM UrbanCode Deploy UCD for processing web requests. Tomcat is vulnerable to a denial of service, caused by not limiting the number of request parts to be processed in the file upload function. By sending a specially-crafted request with a series of uploads, a...
Security Bulletin: IBM UrbanCode Deploy (UCD) is vulnerable to Path Traversal due to Apache Ivy (CVE-2022-37865, CVE-2022-37866)
Summary Apache Ivy is used by IBM UrbanCode Deploy as part of the Agents Apache Groovy scripting home. CVE-2022-37865, CVE-2022-37866 Vulnerability Details CVEID:CVE-2022-37866 DESCRIPTION: Apache Ivy could allow a remote attacker to traverse directories on the system, caused by improper validati...
Security Bulletin: IBM UrbanCode Deploy (UCD) is vulnerable to cross-site scripting (CVE-2022-46771)
Summary IBM UrbanCode Deploy UCD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. Vulnerability Details...
CVE-2022-46771
IBM UrbanCode Deploy UCD 6.2.0.0 through 6.2.7.18, 7.0.5.0 through 7.0.5.13, 7.1.0.0 through 7.1.2.9, 7.2.0.0 through 7.2.3.2 and 7.3.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionalit...
Cross site scripting
IBM UrbanCode Deploy UCD 6.2.0.0 through 6.2.7.18, 7.0.5.0 through 7.0.5.13, 7.1.0.0 through 7.1.2.9, 7.2.0.0 through 7.2.3.2 and 7.3.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionalit...
CVE-2022-46771 IBM UrbanCode Deploy (UCD) cross-site scripting
IBM UrbanCode Deploy UCD 6.2.0.0 through 6.2.7.18, 7.0.5.0 through 7.0.5.13, 7.1.0.0 through 7.1.2.9, 7.2.0.0 through 7.2.3.2 and 7.3.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionalit...
CVE-2022-46771
CVE-2022-46771 affects IBM UrbanCode Deploy (UCD) versions 6.2.0.0–6.2.7.18, 7.0.5.0–7.0.5.13, 7.1.0.0–7.1.2.9, 7.2.0.0–7.2.3.2 and 7.3.0.0, with a cross-site scripting vulnerability that can lead to arbitrary JavaScript in the Web UI and potential credentials disclosure within a trusted session....
IBM UrbanCode Deploy cross-site scripting vulnerability
IBM UrbanCode Deploy (UCD) is a set of application automation deployment tools from International Business Machines (IBM). The tool is based on an application deployment automation management information model, and through remote agent technology, to realize the complex application in different...
Security Bulletin: Apache Tomcat is vulnerable to HTTP request smuggling (CVE-2022-42252)
Summary Apache Tomcat is vulnerable to HTTP request smuggling, caused by the failure to reject a request containing an invalid Content-Length header when configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false. By sending a specially-crafted request, an attacker could...
Security Bulletin: IBM UrbanCode Deploy (UCD) is vulnerable to denial of service due to Jettison-json (CVE-2022-40149, CVE-2022-40150)
Summary Jettison-json is used by IBM UrbanCode Deploy UCD for parsing JSON data. A remote authenticated user may cause high memory usage by sending a request containing specially crafted JSON data. CVE-2022-40149, CVE-2022-40150 Vulnerability Details CVEID:CVE-2022-40149 DESCRIPTION: jettison-jso...
Security Bulletin: IBM UrbanCode Deploy (UCD) Agents on zOS are vulnerable to an arbitrary code execution due to use of Apache Commons Text [CVE-2022-42889]
Summary The zos toolkit installed with agents on zOS includes Apache Commons Text which could allow an attacker to execute arbitrary code on the system, caused by an insecure interpolation defaults flaw. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute...
Security Bulletin: Apache Tomcat could allow a remote attacker to obtain sensitive information (CVE-2021-43980)
Summary Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by a long-standing concurrency flaw in the simplified implementation of blocking reads and writes. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain...
CVE-2022-40751
IBM UrbanCode Deploy UCD 6.2.7.0 through 6.2.7.17, 7.0.0.0 through 7.0.5.12, 7.1.0.0 through 7.1.2.8, and 7.2.0.0 through 7.2.3.1 could allow a user with administrative privileges, including "Manage Security" permissions, to recover a credential previously saved for performing...
Code injection
IBM UrbanCode Deploy UCD 6.2.7.0 through 6.2.7.17, 7.0.0.0 through 7.0.5.12, 7.1.0.0 through 7.1.2.8, and 7.2.0.0 through 7.2.3.1 could allow a user with administrative privileges, including "Manage Security" permissions, to recover a credential previously saved for performing...