Lucene search
K

590 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2019/12/20 8:47 a.m.22 views

Security Bulletin: CSV Injection (CVE-2019-4490)

Summary Maliciously crafted data in UCD could generate a malicious csv download file, when opened with certain unpactched 3rd party tools. Vulnerability Details CVEID: CVE-2019-4490 DESCRIPTION: CVSS Base score: 7.8 CVSS Temporal Score: See:...

0.7AI score
Exploits0Affected Software1
CNVD
CNVD
added 2019/11/18 12:0 a.m.1 views

IBM UrbanCode Deploy File Download Vulnerability

IBM UrbanCode Deploy UCD is a set of application automation deployment tools from IBM in the United States. The tool is based on an application deployment automation management information model, and through remote agent technology, to realize the complex application in different environments, su...

6.6AI score
Exploits0References1
Symantec
Symantec
added 2019/10/30 12:0 a.m.26 views

IBM UrbanCode Deploy CVE-2019-4490 Security Bypass Vulnerability

Description IBM UrbanCode Deploy is prone to a security-bypass vulnerability. Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. IBM UrbanCode Deploy versions 6.2.7 through 7.0.3 are vulnerable. Technologies Affected...

1.5AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/09/12 5:5 a.m.20 views

Security Bulletin: Secure values are recoverable via REST API (CVE-2019-4232)

Summary IBM UrbanCode Deploy could allow an authenticated user to obtain sensitive values from the REST API that could be used in further attacks against the system. Vulnerability Details CVEID: CVE-2019-4232 DESCRIPTION: IBM UrbanCode Deploy could allow an authenticated user to obtain sensitive...

1AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/09/11 5:5 a.m.17 views

Security Bulletin: Secure Properties In Processes Can Be Revealed (CVE-2019-4168)

Summary IBM UrbanCode Deploy could allow an authenticated user to obtain sensitive information that could be used in further attacks against the system. Vulnerability Details CVEID: CVE-2019-4168 DESCRIPTION: IBM UrbanCode Deploy could allow an authenticated user to obtain sensitive information...

0.8AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/04/03 7:55 p.m.37 views

Security Bulletin: An Authenticated Agent Can Modify Another Agent's Properties (CVE-2018-1995)

Summary Old versions of UrbanCode Deploy web agents can allow unauthorized property modification of other agents. Vulnerability Details CVEID: CVE-2018-1995 Details: An authenticated agent can modify another agent's properties using a specially crafted request. Consequences: Agent properties can ...

7.5CVSS4AI score0.1684EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/02/12 6:40 p.m.29 views

Security Bulletin: Publicly Disclosed Vulnerability Found By vFinder (CVE-2017-7656, CVE-2017-7657, CVE-2017-7658, CVE-2018-12536)

Summary Previous releases of IBM UrbanCode Deploy are affected by multiple vulnerabilities in Eclipse Jetty Vulnerability Details CVEID: CVE-2017-7658 DESCRIPTION: Eclipse Jetty is vulnerable to HTTP request smuggling, caused by a flaw when handling more than one Content-Length headers. By sendin...

9.8CVSS0.3AI score0.20985EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/01/10 7:5 p.m.41 views

Security Bulletin: Multiple Vulnerabilities in Apache Tomcat affects IBM UrbanCode Deploy (CVE-2018-11784)

Summary Previous releases of IBM UrbanCode Deploy are affected by multiple vulnerabilities in Apache Tomcat. Vulnerability Details CVEID: CVE-2018-11784 DESCRIPTION: Apache Tomcat could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in the default...

7.5CVSS0.8AI score0.94494EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/11/15 10:0 p.m.17 views

Security Bulletin: Authenticated Users Can Gain Privilege in IBM UrbanCode Deploy (CVE-2017-1493)

Summary Previous releases of IBM UrbanCode Deploy allow authenticated users to view and edit information they do not have permission to. Vulnerability Details CVEID: CVE-2017-1493 DESCRIPTION: IBM UrbanCode Deploy UCD could allow an authenticated user to edit objects that they should not have...

5.5CVSS0.7AI score0.007EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/11/15 10:0 p.m.41 views

Security Bulletin: Open Source Apache Tomcat Vulnerabilities (CVE-2016-6817, CVE-2016-8735, CVE-2016-6816)

Summary Issues with Apache Tomcat Vulnerabilities have been addressed. Vulnerability Details CVEID: CVE-2016-6817 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service. By sending a specially crafted HTTP/2 header, a remote attacker could exploit this vulnerability to cause the...

9.8CVSS1AI score0.90338EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/11/15 10:0 p.m.22 views

Security Bulletin: Plugins can be uploaded to IBM UrbanCode Deploy without Authentication (CVE-2017-1749)

Summary A directory traversal attack can be used to upload new versions of a plugin, altering UCD deployments. Vulnerability Details CVEID: CVE-2017-1749 DESCRIPTION: IBM UrbanCode Deploy could allow a remote attacker to traverse directories on the system. An unauthenticated attacker could alter...

5.3CVSS1.3AI score0.02439EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/11/15 10:0 p.m.31 views

Security Bulletin: Multiple Vulnerabilities in Apache Tomcat affects IBM UrbanCode Deploy (CVE-2017-7674, CVE-2017-7675)

Summary Previous releases of IBM UrbanCode Deploy are affected by multiple vulnerabilities in Apache Tomcat. Vulnerability Details CVEID: CVE-2017-7674 DESCRIPTION: Apache Tomcat could provide weaker than expected security, caused by the failure to add an HTTP Vary header indicating that the...

7.5CVSS0.9AI score0.1014EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/11/15 9:55 p.m.19 views

Security Bulletin: IBM UrbanCode Deploy diagnostics files may contain confidential data (CVE-2017-1286)

Summary Previous releases of IBM UrbanCode Deploy diagnostics files can contain highly confidential data. This can include passwords and/or encrypted values. Vulnerability Details CVEID: CVE-2017-1286 DESCRIPTION: Sensitive information about the configuration of the UCD server and database can be...

6.5CVSS0.8AI score0.01313EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/11/15 9:55 p.m.37 views

Security Bulletin: Multiple Vulnerabilities in Apache Tomcat affects IBM UrbanCode Deploy (CVE-2017-5647, CVE-2017-5650)

Summary Previous releases of IBM UrbanCode Deploy are affected by multiple vulnerabilities in Apache Tomcat. Vulnerability Details CVE-ID: CVE-2017-5647 Description: Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the failure to properly enforce security...

7.5CVSS0.8AI score0.1684EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/11/15 9:55 p.m.23 views

Security Bulletin: Authenticated Users in IBM UrbanCode Deploy can Obtain Secure Properties (CVE-2017-1752)

Summary Previous releases of IBM UrbanCode Deploy allow authenticated users to view secure information.. Vulnerability Details CVEID: CVE-2017-1752 DESCRIPTION: IBM UrbanCode Deploy could allow an authenticated privileged user to obtain highly sensitive information. CVSS Base Score: 6.8 CVSS...

4.9CVSS1.1AI score0.01637EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/10/25 8:45 p.m.39 views

Security Bulletin: Multiple Vulnerabilities in Apache Tomcat affects IBM UrbanCode Deploy (CVE-2018-1304, CVE-2018-1305)

Summary Previous releases of IBM UrbanCode Deploy are affected by multiple vulnerabilities in Apache Tomcat. Vulnerability Details CVE-ID: CVE-2018-1305 Description: Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the failure to properly enforce security...

6.5CVSS0.8AI score0.17716EPSS
Exploits2Affected Software1
CNVD
CNVD
added 2018/09/03 12:0 a.m.2 views

IBM UrbanCode Deploy Information Disclosure Vulnerability (CNVD-2018-17415)

IBM UrbanCode Deploy UCD is a set of application automation deployment tools from IBM in the United States. The tool is based on an application deployment automation management information model, and through remote agent technology, to realize the complex application in different environments, su...

4.3CVSS4.4AI score0.00786EPSS
Exploits0References1
NVD
NVD
added 2018/08/30 4:29 p.m.21 views

CVE-2016-0373

IBM UrbanCode Deploy 6.0 through 6.2.2.1 could allow an authenticated user to read sensitive information due to UCD REST endpoints not properly authorizing users when determining who can read data. IBM X-Force ID: 112119...

4.3CVSS3.6AI score0.00786EPSS
Exploits0References2
Prion
Prion
added 2018/08/30 4:29 p.m.11 views

Code injection

IBM UrbanCode Deploy 6.0 through 6.2.2.1 could allow an authenticated user to read sensitive information due to UCD REST endpoints not properly authorizing users when determining who can read data. IBM X-Force ID: 112119...

4CVSS5.8AI score0.00786EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2018/08/30 4:29 p.m.3 views

CVE-2016-0373

IBM UrbanCode Deploy 6.0 through 6.2.2.1 could allow an authenticated user to read sensitive information due to UCD REST endpoints not properly authorizing users when determining who can read data. IBM X-Force ID: 112119...

4.3CVSS5.8AI score0.00786EPSS
Exploits0References2
Rows per page
Query Builder