Lucene search
K

590 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 10:33 p.m.19 views

Security Bulletin: IBM UrbanCode Deploy Agents Don't Verify Server Identity (CVE-2016-0271)

Summary Mutual authentication in IBM UrbanCode Deploy ensures that unknown agents cannot connect to the server over JMS. However, if a trusted agent is compromised, it can impersonate the server and send work to other agents. Agents do not verify the identity of the server over either HTTP or JMS...

8.2CVSS0.6AI score0.00327EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 10:33 p.m.19 views

Security Bulletin: Relays do not properly authenticate agents attempting to download artifacts (CVE-2016-0365)

Summary When using Codestation caching of artifacts on agent relays, agents can download artifacts without properly authenticating. Vulnerability Details CVEID: CVE-2016-0365 DESCRIPTION: IBM UrbanCode Deploy could allow an attacker with special knowledge of the system to download artifacts witho...

5.9CVSS1.9AI score0.01181EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 10:33 p.m.29 views

Security Bulletin: Multiple vulnerabilities in Apache Tomcat affect IBM UrbanCode Deploy (CVE-2015-5345, CVE-2015-5346, CVE-2015-5351)

Summary Multiple vulnerabilities in Apache Tomcat affect IBM UrbanCode Deploy. Vulnerability Details CVEID: CVE-2015-5345 DESCRIPTION: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an error when accessing a protected directory. By redirecting to the URL, a...

8.8CVSS0.6AI score0.1838EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 10:32 p.m.21 views

Security Bulletin: Multiple XSS Vulnerabilities in IBM UrbanCode Deploy (CVE-2015-7415)

Summary Multiple persistent XSS vulnerabilites were discovered in IBM UrbanCode Deploy. Vulnerability Details CVE ID: CVE-2015-7415 Description: IBM UrbanCode Deploy is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this...

5.4CVSS0.9AI score0.00622EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 10:32 p.m.28 views

Security Bulletin: Exposed Authentication Token in IBM UrbanCode Deploy (CVE-2015-4964)

Summary In previous versions of IBM UrbanCode Deploy, the authentication token is displayed in the execution logs. In certain steps that are run using the admin user permissions, this can allow non-administrator users to impersonate the admin user. In other processes, this can allow other users t...

6CVSS0.8AI score0.01451EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 10:32 p.m.39 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM UrbanCode Deploy and IBM UrbanCode Deploy with Patterns (CVE-2015-2590, CVE-2015-4733, CVE-2015-4748, CVE-2015-2621, CVE-2015-2613, CVE-2015-2601, CVE-2015-2625, CVE-2015-1931)

Summary There are multiple vulnerabilities in IBM Runtime Environment Java Technology Edition, Versions 1.7.0 and 1.7.1 that are used by IBM UrbanCode Deploy and IBM UrbanCode Deploy with Patterns. These issues were disclosed as part of the IBM Java SDK updates in July 2015. Vulnerability Details...

10CVSS1AI score0.47239EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 10:32 p.m.40 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM UrbanCode Deploy and IBM UrbanCode Deploy with Patterns

Summary There are multiple vulnerabilities in IBM Runtime Environment Java Technology Edition, Versions 1.7.0 and 1.7.1 that are used by IBM UrbanCode Deploy and IBM UrbanCode Deploy with Patterns. These issues were disclosed as part of the IBM Java SDK updates in July 2015. Vulnerability Details...

10CVSS1AI score0.47239EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 10:32 p.m.22 views

Security Bulletin: Vulnerability in DHE key exchange algorithm affects IBM UrbanCode Deploy (CVE-2015-4000)

Summary SSL cipher suites using non-Elliptic Curve Diffie-Hellman key exchange algorithms with key sizes of less than 1024 are vulnerable to man in the middle attacks. Previous versions of the IBM UrbanCode Deploy server left these cipher suites enabled. Vulnerability Details CVE ID: CVE-2015-400...

4.3CVSS0.7AI score0.9986EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 10:32 p.m.37 views

Security Bulletin: Vulnerability in Apache Tomcat affects IBM UrbanCode Deploy (CVE-2014-0227)

Summary Previous releases of IBM UrbanCode Deploy are affected by a HTTP request smuggling vulnerability in Apache Tomcat. Vulnerability Details CVE ID: CVE-2014-0227 Description: Apache Tomcat is vulnerable to HTTP request smuggling. A remote attacker could send a specially-crafted request in a...

6.4CVSS0.5AI score0.21045EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 10:31 p.m.101 views

Security Bulletin: Vulnerability in SSLv3 affects IBM UrbanCode Deploy (CVE-2014-3566)

Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in IBM UrbanCode Deploy. Vulnerability Details | Subscribe to My Notifications to be notified of important product support alerts like this. Follo...

4.3CVSS3.9AI score0.99999EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 10:31 p.m.27 views

Security Bulletin: Exposed Keystores in IBM UrbanCode Deploy

Summary The 6.1.0.2 release of IBM UrbanCode Deploy may expose secret keystores to a user with access to the correct page. Vulnerability Details | Subscribe to My Notifications to be notified of important product support alerts like this. Follow this link for more information requires login with...

4CVSS0.01082EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 10:31 p.m.43 views

Security Bulletin: Apache Tomcat Vulnerabilities in IBM UrbanCode Deploy (CVE-2014-0075,CVE-2014-0095,CVE-2014-0096,CVE-2014-0099,CVE-2014-0119)

Summary Previous releases of IBM UrbanCode Deploy are affected by vulnerabilities in Apache Tomcat that may allow remote attackers to influence the availability of the server or obtain sensitive information. Vulnerability Details | Subscribe to My Notifications to be notified of important product...

5CVSS1AI score0.2006EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 10:31 p.m.33 views

Security Bulletin: Apache Tomcat and FileUpload Vulnerabilities in IBM UrbanCode Deploy (CVE-2014-0050, CVE-2013-4286, CVE-2014-0033, CVE-2013-4322, CVE-2013-4590)

Summary Previous releases of IBM UrbanCode Deploy are affected by vulnerabilities in Apache Tomcat and FileUpload that may allow remote attackers to influence the availability of the server or obtain sensitive information. Vulnerability Details | Subscribe to My Notifications to be notified of...

7.5CVSS1.1AI score0.83175EPSS
Exploits14Affected Software1
CNVD
CNVD
added 2018/05/29 12:0 a.m.1 views

IBM UrbanCode Deploy Information Disclosure Vulnerability (CNVD-2018-10455)

IBM UrbanCode Deploy UCD is a set of application automation deployment tools from IBM in the United States. The tool is based on an application deployment automation management information model, and through remote agent technology, to realize the complex application in different environments, su...

4.9CVSS6.5AI score0.01637EPSS
Exploits0References1
Prion
Prion
added 2018/05/25 2:29 p.m.13 views

Code injection

IBM UrbanCode Deploy 6.1 and 6.2 could allow an authenticated privileged user to obtain highly sensitive information. IBM X-Force ID: 135547...

4CVSS4.7AI score0.01637EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2018/05/25 2:29 p.m.17 views

CVE-2017-1752

IBM UrbanCode Deploy 6.1 and 6.2 could allow an authenticated privileged user to obtain highly sensitive information. IBM X-Force ID: 135547...

4.9CVSS4.7AI score0.01637EPSS
Exploits0References3
OSV
OSV
added 2018/05/25 2:29 p.m.3 views

CVE-2017-1752

IBM UrbanCode Deploy 6.1 and 6.2 could allow an authenticated privileged user to obtain highly sensitive information. IBM X-Force ID: 135547...

4.9CVSS5.8AI score0.01637EPSS
Exploits0References3
Cvelist
Cvelist
added 2018/05/25 2:0 p.m.23 views

CVE-2017-1752

IBM UrbanCode Deploy 6.1 and 6.2 could allow an authenticated privileged user to obtain highly sensitive information. IBM X-Force ID: 135547...

4.7AI score0.01637EPSS
Exploits0References3
CNVD
CNVD
added 2018/01/11 12:0 a.m.1 views

IBM UrbanCode Deploy Access Bypass Vulnerability

IBM UrbanCode Deploy UCD is a set of application automation deployment tools from IBM in the United States. The tool is based on an application deployment automation management information model, and through remote agent technology, to realize the complex application in different environments, su...

5.5CVSS6.7AI score0.007EPSS
Exploits0References1
OSV
OSV
added 2018/01/09 8:29 p.m.2 views

CVE-2017-1493

IBM UrbanCode Deploy UCD 6.1 and 6.2 could allow an authenticated user to edit objects that they should not have access to due to improper access controls. IBM X-Force ID: 128691...

5.4CVSS5.8AI score
Exploits0References3
Rows per page
Query Builder