CVE-2016-0373
IBM UrbanCode Deploy 6.0 through 6.2.2.1 could allow an authenticated user to read sensitive information due to UCD REST endpoints not properly authorizing users when determining who can read data. IBM X-Force ID: 112119...
CVE-2016-0373
IBM UrbanCode Deploy CVE-2016-0373 enables information disclosure via REST endpoints not properly authorizing readers. Affected versions are 6.0 through 6.2.2.1 (inclusive). The root cause is an authorization failure in UCD REST endpoints that allows an authenticated user to read sensitive data. ...
IBM UrbanCode Deploy Directory Traversal Vulnerability
IBM UrbanCode Deploy (UCD) is a set of application deployment automation tools from IBM in the United States. The tool is based on an application deployment automation management information model and uses remote agent technology to realize the complex application in different environments, su...
CVE-2017-1286
Sensitive information about the configuration of the IBM UrbanCode Deploy 6.1 through 6.9.6.0 server and database can be obtained by a user who has been given elevated permissions in the UI, even after those elevated permissions have been revoked. IBM X-Force ID: 125147...
Information disclosure
Sensitive information about the configuration of the IBM UrbanCode Deploy 6.1 through 6.9.6.0 server and database can be obtained by a user who has been given elevated permissions in the UI, even after those elevated permissions have been revoked. IBM X-Force ID: 125147...
CVE-2017-1749
IBM UrbanCode Deploy 6.1 through 6.9.6.0 could allow a remote attacker to traverse directories on the system. An unauthenticated attacker could alter UCD deployments. IBM X-Force ID: 135522...
Code injection
IBM UrbanCode Deploy 6.1 through 6.9.6.0 could allow a remote attacker to traverse directories on the system. An unauthenticated attacker could alter UCD deployments. IBM X-Force ID: 135522...
CVE-2017-1286
CVE-2017-1286 affects IBM UrbanCode Deploy 6.1–6.9.6.0, where a user with elevated UI permissions can obtain sensitive server/database configuration data even after privileges are revoked. The IBM Security Bulletin confirms an information-disclosure vulnerability in UCD diagnostics files, with af...
Security Bulletin: Secure properties can be shown in plain text in IBM UrbanCode Deploy (CVE-2016-9007)
Summary IBM UrbanCode Deploy could disclose secure property values leaked in process execution log output properties that could be accessible to unauthorized users. Vulnerability Details CVEID: CVE-2016-9007 DESCRIPTION: IBM UrbanCode Deploy could disclose secure property values leaked in process...
Security Bulletin: Remote code execution possible due to insecure REST endpoint (CVE-2016-8938)
Summary IBM UrbanCode Deploy could allow a user to execute code using a specially crafted file upload that would replace code on the server. This code could be executed on the UCD agent machines that host customer's production applications. Vulnerability Details CVEID: CVE-2016-8938 DESCRIPTION:...
Security Bulletin: Multiple UCD REST endpoints allow unauthorized users to view data (CVE-2016-0373)
Summary IBM UrbanCode Deploy could allow an authenticated user to read sensitive information due to UCD REST endpoints not properly authorizing users when determining who can read data. Vulnerability Details CVEID: CVE-2016-0373 DESCRIPTION: IBM UrbanCode Deploy could allow an authenticated user ...
Security Bulletin: REST endpoints do not properly authorize, allowing users to modify data with insufficient permissions (CVE-2016-0320)
Summary IBM UrbanCode Deploy could allow an authenticated user to modify UCD objects due to multiple REST endpoints not properly authorizing users editing UCD objects. This could affect the behavior of legitimately triggered processes. Vulnerability Details CVEID: CVE-2016-0320 DESCRIPTION: IBM...
Security Bulletin: API and CLI getResource expose secured role properties (CVE-2016-6068)
Summary IBM UrbanCode Deploy could allow an authenticated user with access to the REST endpoints to access API and CLI getResource secured role properties. Vulnerability Details CVEID: CVE-2016-6068 DESCRIPTION: IBM UrbanCode Deploy could allow an authenticated user with access to the REST...
Security Bulletin: Pre-processing and post-processing scripts can access the entire domain model of server or agent (CVE-2016-2942)
Summary IBM UrbanCode Deploy could allow an authenticated attacker with special permissions to craft a script on the server in a way that will cause processes to run on a remote UCD agent machine. Vulnerability Details CVEID: CVE-2016-2942 DESCRIPTION: IBM UrbanCode Deploy could allow an...
Security Bulletin: Properties with special characters in IBM UrbanCode Deploy might not be obfuscated correctly (CVE-2016-0364)
Summary Secure properties in IBM UrbanCode Deploy that contain certain special characters are not obfuscated correctly in the step output logs of steps that use the properties. Vulnerability Details CVEID: CVE-2016-0364 DESCRIPTION: IBM UrbanCode Deploy could allow an authenticated user with...
Security Bulletin: Secure Properties in IBM UrbanCode Deploy Vulnerable (CVE-2016-0267)
Summary Certain secure properties in IBM UrbanCode Deploy can be obtained by an authenticated user from the server UI. Also, certain secure properties can be obtained in plain text from the IBM UrbanCode Deploy database by a user who has read permission to the database. Vulnerability Details CVEI...