590 matches found

Prion
added 2021/03/30 4:15 p.m. | 30 views

Code injection

IBM UrbanCode Deploy (UCD) 7.0.3.0, 7.0.4.0, 7.0.5.3, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2 stores keystore passwords in plain text after a manual edit, which can be read by a local user. IBM X-Force ID: 191944...

CVSS 2.1 | AI score 5.1 | EPSS 0.00155
Exploits: 0 | References: 2 | Affected Software: 1
Prion
added 2021/03/30 4:15 p.m. | 21 views

Code injection

IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 stores user credentials in plain clear text, which can be read by a local user. IBM X-Force ID: 190908...

CVSS 2.1 | AI score 5.1 | EPSS 0.00172
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2021/03/30 4:0 p.m. | 24 views

CVE-2020-4944

IBM UrbanCode Deploy (UCD) 7.0.3.0, 7.0.4.0, 7.0.5.3, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2 stores keystore passwords in plain text after a manual edit, which can be read by a local user. IBM X-Force ID: 191944...

CVSS 5.1 | AI score 5.1 | EPSS 0.00155
Exploits: 0 | References: 2
CVE
added 2021/03/30 4:0 p.m. | 56 views

CVE-2020-4884

CVE-2020-4884 affects IBM UrbanCode Deploy (UCD) versions 6.2.7.9, 7.0.5.4, and 7.1.1.1. The root cause is storing user credentials in plaintext, which can be read by a local user. Consequence: credential disclosure from plaintext storage. References in IBM advisories align with NVD details. Reme...

CVSS 6.2 | AI score 5.1 | EPSS 0.00172
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2021/03/30 4:0 p.m. | 20 views

CVE-2020-4884

IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 stores user credentials in plain clear text, which can be read by a local user. IBM X-Force ID: 190908...

CVSS 6.2 | AI score 5.1 | EPSS 0.00172
Exploits: 0 | References: 2
CVE
added 2021/03/30 4:0 p.m. | 52 views

CVE-2020-4848

IBM UrbanCode Deploy (UCD) has a confirmed information-disclosure/privilege-elevation issue (CVE-2020-4848) affecting 6.2.7.9, 7.0.5.4, and 7.1.1.1. An authenticated user could initiate a plugin or compare process resources they should not access due to insufficient execute permissions. The IBM s...

CVSS 5.5 | AI score 5.2 | EPSS 0.00582
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2021/03/30 4:0 p.m. | 16 views

CVE-2020-4848

IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 could allow an authenticated user to initiate a plugin or compare process resources that they should not have access to. IBM X-Force ID: 190293...

CVSS 5.4 | AI score 5.2 | EPSS 0.00582
Exploits: 0 | References: 2
CNNVD
added 2021/03/30 12:0 a.m. | 5 views

IBM UrbanCode Deploy Security Vulnerability

IBM UrbanCode Deploy UCD is a set of application automation deployment tools from IBM in the United States. The tool is based on an application deployment automation management information model, and through remote agent technology, to realize the complex application in different environments, su...

CVSS 5.5 | AI score 5.8 | EPSS 0.00155
Exploits: 0 | References: 5
CNNVD
added 2021/03/30 12:0 a.m. | 4 views

IBM UrbanCode Deploy Security Vulnerability

IBM UrbanCode Deploy UCD is a set of application automation deployment tools from IBM in the United States. The tool is based on an application deployment automation management information model, and through remote agent technology, to realize the complex application in different environments, su...

CVSS 5.5 | AI score 5.9 | EPSS 0.00582
Exploits: 0 | References: 4
IBM Security Bulletins
added 2021/03/29 9:24 p.m. | 19 views

Security Bulletin: CVE-2020-4848 Certain users can run auto-configure/compare on resources without execute permission

Summary: Certain users can run auto-configure/compare on resources without execute permission. Vulnerability Details: CVEID: CVE-2020-4848. DESCRIPTION: IBM UrbanCode Deploy (UCD) could allow an authenticated user to initiate a plugin or compare process resources that they should not have access to. CV...

CVSS 5.5 | AI score 1.5 | EPSS 0.00582
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2021/03/29 9:19 p.m. | 24 views

Security Bulletin: CVE-2021-24122 When serving resources from a network location using the NTFS file system, Apache Tomcat versions 8.5.0 to 8.5.59 were susceptible to JSP source code disclo

Summary: When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the unexpected...

CVSS 5.9 | AI score 0.6 | EPSS 0.22852
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2021/03/29 9:9 p.m. | 24 views

Security Bulletin: AGENT RELAY CODESTATION.KEYSTORE.PASSWORD STORED IN PLAIN TEXT

Summary: A manually edited AGENT RELAY CODESTATION.KEYSTORE.PASSWORD stored in plain text is not encrypted upon restart. Vulnerability Details: CVEID: CVE-2020-4884. DESCRIPTION: IBM UrbanCode Deploy (UCD) stores user credentials in plain clear text, which can be read by a local user. CVSS Base scor...

CVSS 6.2 | AI score 0.4 | EPSS 0.00172
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2021/03/29 9:8 p.m. | 40 views

Security Bulletin: As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them

Summary: As mitigation for CVE-2020-1945, Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. This primarily affects the usage of the agent's bundled ANTHOME libraries. Vulnerability Details: CVEID: CVE-2020-11979...

CVSS 7.5 | AI score 0.8 | EPSS 0.08235
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2021/03/29 9:4 p.m. | 116 views

Security Bulletin: Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE

Summary: Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command. Vulnerability Details: CVEID: CVE-2016-5725...

CVSS 5.9 | AI score 2.5 | EPSS 0.24143
Exploits: 3 | Affected Software: 1
IBM Security Bulletins
added 2020/12/01 7:46 p.m. | 33 views

Security Bulletin: CVE-2020-26217 XStream before version 1.4.14 is vulnerable to Remote Code Execution. The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream.

Summary: CVE-2020-26217 XStream before version 1.4.14 is vulnerable to Remote Code Execution. The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Vulnerability Details: CVEID: CVE-2020-26217. DESCRIPTION: XStream could allow a...

CVSS 9.3 | AI score 3.6 | EPSS 0.85001
Exploits: 7 | Affected Software: 1
IBM Security Bulletins
added 2020/11/18 8:33 p.m. | 44 views

Security Bulletin: CVE-2019-17638 jetty double-release of a byte buffer

Summary: In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers is released back to the ByteBufferPool twice. Because of...

CVSS 9.4 | AI score 0.5 | EPSS 0.11138
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2020/11/18 8:31 p.m. | 44 views

Security Bulletin: CVE-2019-10173 xstream API: If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands

Summary: CVE-2019-10173 xstream API: If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands. Vulnerability Details: CVEID: CVE-2019-10173. DESCRIPTION: xstream API could allow a remote attacker to execute arbitrary commands on the system,...

CVSS 9.8 | AI score 2.4 | EPSS 0.94774
Exploits: 4 | Affected Software: 1
CNVD
added 2020/11/09 12:0 a.m. | 2 views

IBM UrbanCode Deploy Information Disclosure Vulnerability (CNVD-2020-63485)

IBM UrbanCode Deploy UCD is a set of application automation deployment tools from IBM in the United States. The tool is based on an application deployment automation management information model, and through remote agent technology, to realize the complex application in different environments, su...

CVSS 4.3 | AI score 6.2 | EPSS 0.00982
Exploits: 0 | References: 1
CNVD
added 2020/11/09 12:0 a.m. | 1 views

IBM UrbanCode Deploy Information Disclosure Vulnerability (CNVD-2020-63486)

IBM UrbanCode Deploy UCD is a set of application automation deployment tools from IBM in the United States. The tool is based on an application deployment automation management information model, and through remote agent technology, to realize the complex application in different environments, su...

CVSS 4.3 | AI score 6 | EPSS 0.00806
Exploits: 0 | References: 1
OSV
added 2020/11/06 2:15 p.m. | 5 views

CVE-2020-4483

IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181857...

CVSS 4.3 | AI score 5.8 | EPSS 0.00982
Exploits: 0 | References: 2