Lucene search
K

590 matches found

Cvelist
Cvelist
added 2018/08/30 4:0 p.m.19 views

CVE-2016-0373

IBM UrbanCode Deploy 6.0 through 6.2.2.1 could allow an authenticated user to read sensitive information due to UCD REST endpoints not properly authorizing users when determining who can read data. IBM X-Force ID: 112119...

3.1CVSS4.1AI score0.00786EPSS
Exploits0References2
CVE
CVE
added 2018/08/30 4:0 p.m.55 views

CVE-2016-0373

IBM UrbanCode Deploy CVE-2016-0373 enables information disclosure via REST endpoints not properly authorizing readers. Affected versions are 6.0 through 6.2.2.1 (inclusive). The root cause is an authorization failure in UCD REST endpoints that allows an authenticated user to read sensitive data. ...

4.3CVSS4AI score0.00786EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2018/08/16 12:0 a.m.3 views

IBM UrbanCode Deploy Directory Traversal Vulnerability

IBM UrbanCode Deploy UCD is a set of application automation deployment tools from IBM in the United States. The tool is based on an application deployment automation management information model, and through remote agent technology, to realize the complex application in different environments, su...

5.3CVSS5.4AI score0.02439EPSS
Exploits0References1
NVD
NVD
added 2018/08/13 4:29 p.m.21 views

CVE-2017-1286

Sensitive information about the configuration of the IBM UrbanCode Deploy 6.1 through 6.9.6.0 server and database can be obtained by a user who has been given elevated permissions in the UI, even after those elevated permissions have been revoked. IBM X-Force ID: 125147...

6.5CVSS6.3AI score0.01313EPSS
Exploits0References2
Prion
Prion
added 2018/08/13 4:29 p.m.18 views

Information disclosure

Sensitive information about the configuration of the IBM UrbanCode Deploy 6.1 through 6.9.6.0 server and database can be obtained by a user who has been given elevated permissions in the UI, even after those elevated permissions have been revoked. IBM X-Force ID: 125147...

4CVSS6.2AI score0.01313EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2018/08/13 4:29 p.m.3 views

CVE-2017-1286

Sensitive information about the configuration of the IBM UrbanCode Deploy 6.1 through 6.9.6.0 server and database can be obtained by a user who has been given elevated permissions in the UI, even after those elevated permissions have been revoked. IBM X-Force ID: 125147...

6.5CVSS5.7AI score0.01313EPSS
Exploits0References2
OSV
OSV
added 2018/08/13 4:29 p.m.3 views

CVE-2017-1749

IBM UrbanCode Deploy 6.1 through 6.9.6.0 could allow a remote attacker to traverse directories on the system. An unauthenticated attacker could alter UCD deployments. IBM X-Force ID: 135522...

5.3CVSS5.8AI score0.02439EPSS
Exploits0References2
Prion
Prion
added 2018/08/13 4:29 p.m.18 views

Code injection

IBM UrbanCode Deploy 6.1 through 6.9.6.0 could allow a remote attacker to traverse directories on the system. An unauthenticated attacker could alter UCD deployments. IBM X-Force ID: 135522...

5CVSS5.2AI score0.02439EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2018/08/13 4:29 p.m.19 views

CVE-2017-1749

IBM UrbanCode Deploy 6.1 through 6.9.6.0 could allow a remote attacker to traverse directories on the system. An unauthenticated attacker could alter UCD deployments. IBM X-Force ID: 135522...

5.3CVSS5.2AI score0.02439EPSS
Exploits0References2
CVE
CVE
added 2018/08/13 4:0 p.m.59 views

CVE-2017-1286

CVE-2017-1286 affects IBM UrbanCode Deploy 6.1–6.9.6.0, where a user with elevated UI permissions can obtain sensitive server/database configuration data even after privileges are revoked. The IBM Security Bulletin confirms an information-disclosure vulnerability in UCD diagnostics files, with af...

6.5CVSS6.2AI score0.01313EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2018/08/13 4:0 p.m.20 views

CVE-2017-1749

IBM UrbanCode Deploy 6.1 through 6.9.6.0 could allow a remote attacker to traverse directories on the system. An unauthenticated attacker could alter UCD deployments. IBM X-Force ID: 135522...

5.3CVSS5.2AI score0.02439EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/08/13 4:0 p.m.17 views

CVE-2017-1286

Sensitive information about the configuration of the IBM UrbanCode Deploy 6.1 through 6.9.6.0 server and database can be obtained by a user who has been given elevated permissions in the UI, even after those elevated permissions have been revoked. IBM X-Force ID: 125147...

6.3AI score0.01313EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 10:33 p.m.22 views

Security Bulletin: Secure properties can be shown in plain text in IBM UrbanCode Deploy (CVE-2016-9007)

Summary IBM UrbanCode Deploy could disclose secure property values leaked in process execution log output properties that could be accessable to unauthorized users. Vulnerability Details CVEID: CVE-2016-9007 DESCRIPTION: IBM UrbanCode Deploy could disclose secure property values leaked in process...

1.3AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 10:33 p.m.24 views

Security Bulletin: Remote code execution possible due to insecure REST endpoint (CVE-2016-8938)

Summary IBM UrbanCode Deploy could allow a user to execute code using a specially crafted file upload that would replace code on the server. This code could be executed on the UCD agent machines that host customer's production applications. Vulnerability Details CVEID: CVE-2016-8938 DESCRIPTION:...

10CVSS1.8AI score0.02824EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 10:33 p.m.19 views

Security Bulletin: Multiple UCD REST endpoints allow unauthorized users to view data (CVE-2016-0373)

Summary IBM UrbanCode Deploy could allow an authenticated user to read sensitive information due to UCD REST endpoints not properly authorizing users when determining who can read data. Vulnerability Details CVEID: CVE-2016-0373 DESCRIPTION: IBM UrbanCode Deploy could allow an authenticated user ...

4.3CVSS1.3AI score0.00786EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 10:33 p.m.19 views

Security Bulletin: REST endpoints do not properly authorize, allowing users to modify data with insufficient permissions (CVE-2016-0320)

Summary IBM UrbanCode Deploy could allow an authenticated user to modify Ucd objects due to multiple REST endpoints not properly authorizing users editing UCD objects. This could affect the behavior of legitimately triggered processes. Vulnerability Details CVEID: CVE-2016-0320 DESCRIPTION: IBM...

4.3CVSS1AI score0.0059EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 10:33 p.m.26 views

Security Bulletin: API and CLI getResource expose secured role properties (CVE-2016-6068)

Summary IBM UrbanCode Deploy could allow an authenticated user with access to the REST endpoints to access API and CLI getResource secured role properties. Vulnerability Details CVEID: CVE-2016-6068 DESCRIPTION: IBM UrbanCode Deploy could allow an authenticated user with access to the REST...

7.5CVSS0.7AI score0.01369EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 10:33 p.m.20 views

Security Bulletin: Pre-processing and post-processing scripts can access the entire domain model of server or agent (CVE-2016-2942)

Summary IBM UrbanCode Deploy could allow an authenticated attacker with special permissions to craft a script on the server in a way that will cause processes to run on a remote UCD agent machine. Vulnerability Details CVEID: CVE-2016-2942 DESCRIPTION: IBM UrbanCode Deploy could allow an...

7.5CVSS1.3AI score0.00818EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 10:33 p.m.25 views

Security Bulletin: Properties with special characters in IBM UrbanCode Deploy might not be obfuscated correctly (CVE-2016-0364)

Summary Secure properties in IBM UrbanCode Deploy that contain certain special characters are not obfuscated correctly in the step output logs of steps that use the properties. Vulnerability Details CVEID: CVE-2016-0364 DESCRIPTION: IBM UrbanCode Deploy could allow an authenticated user with...

4.3CVSS1.1AI score0.0085EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 10:33 p.m.23 views

Security Bulletin: Secure Properties in IBM UrbanCode Deploy Vulnerable (CVE-2016-0267)

Summary Certain secure properties in IBM UrbanCode Deploy can be obtained by an authenticated user from the server UI. Also, certain secure properties can be obtained in plain text from the IBM UrbanCode Deploy database by a user who has read permission to the database. Vulnerability Details CVEI...

7.7CVSS1.2AI score0.01047EPSS
Exploits0Affected Software1
Rows per page
Query Builder