590 matches found
CVE-2020-4481
IBM UrbanCode Deploy UCD 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181848...
Xxe
IBM UrbanCode Deploy UCD 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181848...
CVE-2020-4481
IBM UrbanCode Deploy (UCD) versions affected: 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0. Description: vulnerable to an XML External Entity (XXE) attack when processing XML data, allowing a remote attacker to expose sensitive information or consume memory resources. Root cause: XXE processing in UCD'...
CVE-2020-4481
IBM UrbanCode Deploy UCD 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181848...
IBM UrbanCode Deploy Code Issue Vulnerability
IBM UrbanCode Deploy UCD is a set of application automation deployment tools from IBM in the United States. The tool is based on an application deployment automation management information model, and through remote agent technology, to realize the complex application in different environments, su...
Security Bulletin: CVE-2020-4481 HTTP properties vulnerable to an XXE attack
Summary HTTP properties are vulnerable to an XXE attack. This could allow files from the server host to be extracted. Vulnerability Details CVEID: CVE-2020-4481 DESCRIPTION: IBM UrbanCode Deploy UCD is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote...
Security Bulletin: CVE-2009-2625 CVE-2012-0881 CVE-2013-4002 CVE-2014-0107 Multiple Xml handling Issues in xerces and xalan
Summary CVE-2009-2625 CVE-2012-0881 CVE-2013-4002 CVE-2014-0107 Multiple Xml handling Issues in xerces and xalan Vulnerability Details CVEID: CVE-2009-2625 DESCRIPTION: Sun Java Runtime Environment JRE is vulnerable to a denial of service, caused by an error in Apache Xerces2 Java. A remote...
Security Bulletin: CVE-2014-3577 HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name
Summary CVE-2014-3577 HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name Vulnerability Details CVEID: CVE-2014-3577 DESCRIPTION: Apache HttpComponents could allow a remote attacker to conduct spoofing...
Security Bulletin: CVE-2019-4666 IBM UrbanCode Deploy (UCD) could allow a local user to obtain sensitive information by unmasking certain secure values in documents.
Summary IBM UrbanCode Deploy UCD could allow a local user to obtain sensitive information by unmasking certain secure values in documents. Vulnerability Details CVEID: CVE-2019-4666 DESCRIPTION: IBM UrbanCode Deploy UCD could allow a local user to obtain sensitive information by unmasking certain...
Security Bulletin: CVE-2019-4667 Lack of Built in HSTS option
Summary Lack of Built in HSTS option in IBM Urbancode Deploy UCD Vulnerability Details CVEID: CVE-2019-4667 DESCRIPTION: IBM UrbanCode Deploy UCD could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker cou...
Security Bulletin: CVE-2019-4668 Pattern integration passwords stored in db without current encryption
Summary The password for pattern integrations is stored in the db without current encryption. Vulnerability Details CVEID: CVE-2019-4668 DESCRIPTION: IBM UrbanCode Deploy UCD stores user credentials in plain in clear text which can be read by a local user. CVSS Base score: 6.2 CVSS Temporal Score...
Security Bulletin: HTTP Trace Method is enabled
Summary HTTP Trace Method is enabled Vulnerability Details Third Party Entry: PSIRT-ADV0017246 DESCRIPTION: Created from Advisory: ADV0017246 CVSS Base score: 5.3 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products and Versions Affected Products| Versions ---|--- UCD - IBM...
Security Bulletin: CVE-2020-4260 Secure properties can be revealed using a generic process
Summary IBM UrbanCode Deploy UCD could allow a user with special permissions to obtain sensitive information via generic processes. Vulnerability Details CVEID: CVE-2020-4260 DESCRIPTION: IBM UrbanCode Deploy UCD could allow a user with special permissions to obtain sensitive information via...
Security Bulletin: CVE-2020-4202IBM UrbanCode Deploy (UCD) could allow an authenticated user to impersonate another user if the server is configured to enable Distributed Front End (DFE).
Summary IBM UrbanCode Deploy UCD could allow an authenticated user to impersonate another user if the server is configured to enable Distributed Front End DFE. Vulnerability Details CVEID: CVE-2020-4202 DESCRIPTION: IBM UrbanCode Deploy UCD could allow an authenticated user to impersonate another...
Security Bulletin: CVE-2020-4260 SOME SECURE PROPERTIES CAN BE REVEALED VIA GENERIC PROCESSES
Summary CVE-2020-4260 SECURE PROPERTIES CAN BE REVEALED VIA GENERIC PROCESSES. Some secure properties can be revealed through a specially configured generic processes. Vulnerability Details CVEID: CVE-2020-4260 DESCRIPTION: IBM UrbanCode Deploy UCD 7.0.5 could allow a user with special permission...
Security Bulletin: CVE-2019-0199 The HTTP/2 implementation in embded Apache Tomcat Denial of Service Vulnerability
Summary Urbancode Deploy UCD: The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for...
CVE-2019-4667
IBM UrbanCode Deploy UCD 7.0.5.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID:...
CVE-2019-4667
IBM UrbanCode Deploy UCD 7.0.5.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID:...
Information disclosure
IBM UrbanCode Deploy UCD 7.0.5.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID:...
CVE-2019-4667
IBM UrbanCode Deploy UCD 7.0.5.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID:...