
587 matches found

CNVD
added 2022/04/06 12:0 a.m., 108 views

IBM UrbanCode Deploy Encryption Issue Vulnerability

IBM UrbanCode Deploy (UCD) is a suite of application automation deployment tools from IBM. The tool is based on an application deployment automation management information model and uses remote agent technology to automate the deployment of complex applications in different environments, etc. I...

CVSS 7.5, AI score 2.2, EPSS 0.00692
Exploits 0, References 1

NVD
added 2022/04/01 5:15 p.m., 16 views

CVE-2022-22327

IBM UrbanCode Deploy (UCD) 7.0.5, 7.1.0, 7.1.1, and 7.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 218859...

CVSS 7.5, EPSS 0.00692
Exploits 0, References 2

OSV
added 2022/04/01 5:15 p.m., 2 views

CVE-2022-22327

IBM UrbanCode Deploy (UCD) 7.0.5, 7.1.0, 7.1.1, and 7.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 218859...

CVSS 7.5, AI score 6.5, EPSS 0.00692
Exploits 0, References 2

Prion
added 2022/04/01 5:15 p.m., 20 views

Code injection

IBM UrbanCode Deploy (UCD) 7.0.5, 7.1.0, 7.1.1, and 7.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 218859...

CVSS 5, AI score 7.2, EPSS 0.00692
Exploits 0, References 2, Affected Software 1

CVE
added 2022/04/01 4:45 p.m., 89 views

CVE-2022-22327

IBM UrbanCode Deploy (UCD) is affected by CVE-2022-22327 due to weaker-than-expected cryptographic algorithms that could allow decryption of highly sensitive information. Affected products and versions include UCD 7.0.5.3–7.0.5.7 and 7.1.0.0–7.1.2.4 (inclusive). Remediation: upgrade to 7.0.5.9, 7...

CVSS 7.5, AI score 7.2, EPSS 0.00692
Exploits 0, References 2, Affected Software 1

Cvelist
added 2022/04/01 4:45 p.m., 12 views

CVE-2022-22327

IBM UrbanCode Deploy (UCD) 7.0.5, 7.1.0, 7.1.1, and 7.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 218859...

CVSS 5.9, AI score 7.3, EPSS 0.00692
Exploits 0, References 2

CNNVD
added 2022/04/01 12:0 a.m., 3 views

IBM UrbanCode Deploy Encryption Issue Vulnerability

IBM UrbanCode Deploy (UCD) is a suite of application automation deployment tools from IBM. The tool is based on an application deployment automation management information model and uses remote agent technology to automate the deployment of complex applications in different environments, etc. I...

CVSS 7.5, AI score 5.6, EPSS 0.00692
Exploits 0, References 3

IBM Security Bulletins
added 2022/03/31 10:44 p.m., 29 views

Security Bulletin: CVE-2022-22327 Urbancode Deploy Web-Agent communication uses system default TLS protocol instead of application configured value.

Summary Urbancode Deploy may use the system default TLS protocol instead of the application value when install.server.ssl.enabledProtocols is set to a non-default value. Vulnerability Details CVEID: CVE-2022-22327 DESCRIPTION: IBM UrbanCode Deploy (UCD) uses weaker than expected cryptographic...

CVSS 7.5, AI score 7, EPSS 0.00692
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2022/03/31 10:43 p.m., 54 views

Security Bulletin: IBM Urbancode Deploy impacted by Apache Log4j SQL Injection vulnerability. (CVE-2022-23305)

Summary When added to the logging configuration, the Log4j JDBCAppender may not be properly encoding content sent to an external SQL database. This is a non-default configuration. The fix removes this component. Vulnerability Details CVEID: CVE-2022-23305 DESCRIPTION: Apache Log4j is vulnerable t...

CVSS 9.8, AI score 9.4, EPSS 0.66537
Exploits 1, Affected Software 1

ATTACKERKB
added 2022/03/31 12:0 a.m., 5 views

CVE-2022-22327

IBM UrbanCode Deploy (UCD) 7.0.5, 7.1.0, 7.1.1, and 7.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 218859...

CVSS 7.5, AI score 6.6, EPSS 0.00692
Exploits 0, References 3, Affected Software 1

IBM Security Bulletins
added 2022/02/03 3:51 p.m., 44 views

Security Bulletin: IBM Urbancode Deploy server/agent/relay releases before 7.1.2.1 impacted by Apache Log4j vulnerabilities. (CVE-2021-4104)

Summary IBM Urbancode Deploy server, agent, and relay releases before release 7.1.2.1 are impacted by CVE-2021-4104. The product uses Log4j 1.2 logging library which may be exploited with administrative access. Vulnerability Details CVEID:CVE-2021-4104 DESCRIPTION: Apache Log4j could allow a remo...

CVSS 7.5, AI score 7.5, EPSS 0.81147
Exploits 9, Affected Software 1

IBM Security Bulletins
added 2022/01/14 9:33 p.m., 51 views

Security Bulletin: CVE-2021-42340 Apache Tomcat is vulnerable to a denial of service, caused by a memory leak flaw in WebSocket connections.

Summary Apache Tomcat is vulnerable to a denial of service, caused by a memory leak flaw in WebSocket connections. By sending a specially-crafted request using OutOfMemoryError, a remote attacker could exploit this vulnerability to cause a denial of service condition. Vulnerability Details CVEID:...

CVSS 7.5, AI score 1, EPSS 0.10997
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2021/09/01 8:4 p.m., 33 views

Security Bulletin: CVE-2020-17521 Apache Groovy's provided extension methods to aid with creating temporary directories was using a now superseded Java JDK method call that is potentially not secure in some situations.

Summary Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Vulnerabili...

CVSS 5.5, AI score 1.1, EPSS 0.0105
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2021/09/01 7:52 p.m., 26 views

Security Bulletin: CVE-2021-33037 Apache Tomcat 8.5.66 did not correctly parse the HTTP transfer-encoding request header leading to the possibility to request smuggling when used with a reverse proxy

Summary Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the...

CVSS 5.3, AI score 0.1, EPSS 0.75353
Exploits 1, Affected Software 1

IBM Security Bulletins
added 2021/09/01 7:41 p.m., 27 views

Security Bulletin: CVE-2020-27221 Eclipse OpenJ9 is vulnerable to a stack-based buffer overflow

Summary Java SE issues disclosed in CVE-2020-27221 for IBM provided JRE. Eclipse OpenJ9 is vulnerable to a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding. By sending an overly long string, a remote attacker could...

CVSS 9.8, AI score 1.8, EPSS 0.01532
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2021/07/30 5:3 a.m., 38 views

Security Bulletin: CVE-2020-27223 when Jetty handles a request containing multiple Accept headers the server may enter a denial of service (DoS) state

Summary when Jetty handles a request containing multiple Accept headers with a large number of quality (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values Vulnerability Details CVEID: CVE-2020-27223 DESCRIPTION: Eclipse Jetty...

CVSS 5.3, AI score 0.2, EPSS 0.7795
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2021/07/30 5:2 a.m., 23 views

Security Bulletin: CVE-2021-29711 Agent Upgrade through CLI requires inconsistent permission.

Summary Security Bulletin: CVE-2021-29711 Agent Upgrade through CLI requires inconsistent permission set with UI. Vulnerability Details CVEID: CVE-2021-29711 DESCRIPTION: IBM UrbanCode Deploy (UCD) could allow an authenticated user with certain permissions to initiate an agent upgrade through the C...

CVSS 4.9, AI score 0.7, EPSS 0.00642
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2021/07/30 5:2 a.m., 35 views

Security Bulletin: CVE-2021-28165 In Eclipse Jetty CPU usage can reach 100% upon receiving a large invalid TLS frame.

Summary CVE-2021-28165 In Eclipse Jetty CPU usage can reach 100% upon receiving a large invalid TLS frame. Vulnerability Details CVEID: CVE-2021-28165 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted TLS frame, a...

CVSS 7.8, AI score 0.4, EPSS 0.53861
Exploits 1, Affected Software 1

IBM Security Bulletins
added 2021/07/30 5:2 a.m., 42 views

Security Bulletin: CVE-2021-27568 An issue was discovered in netplex json-smart-v1, an exception is thrown from a function

Summary CVE-2021-27568 An issue was discovered in netplex json-smart-v1, an exception is thrown from a function, may cause programs to crash or expose sensitive info Vulnerability Details CVEID: CVE-2021-27568 DESCRIPTION: Netplex json-smart-v1 and json-smart-v2 are vulnerable to a denial of...

CVSS 5.9, AI score 0.8, EPSS 0.02886
Exploits 1, Affected Software 1

CNVD
added 2021/07/09 12:0 a.m., 15 views

IBM UrbanCode Deploy has an unspecified vulnerability

IBM UrbanCode Deploy (UCD) is a set of application automation deployment tools from IBM Corporation in the United States. The tool is based on an application deployment automation management information model and uses remote agent technology to automate the deployment of complex applications in...

CVSS 4.9, AI score 3, EPSS 0.00642
Exploits 0, References 1