597 matches found
CVE-2016-6068
IBM UrbanCode Deploy is affected by CVE-2016-6068. The IBM Security Bulletin confirms that an authenticated user with REST endpoint access could access API and CLI getResource secured role properties. Affected versions include 6.0.x through 6.2.x series listed in the bulletin, with remediation vi...
CVE-2016-9008
IBM UrbanCode Deploy could allow a malicious user to access the Agent Relay ActiveMQ Broker JMX interface and run plugins on the agent...
CVE-2016-2942
IBM UrbanCode Deploy could allow an authenticated attacker with special permissions to craft a script on the server in a way that will cause processes to run on a remote UCD agent machine...
CVE-2016-2941
IBM UrbanCode Deploy creates temporary files during step execution that could contain sensitive information including passwords that could be read by a local user...
CVE-2016-6068
IBM UrbanCode Deploy could allow an authenticated user with access to the REST endpoints to access API and CLI getResource secured role properties...
CVE-2016-2942
CVE-2016-2942 affects IBM UrbanCode Deploy. An authenticated user with special permissions can craft a script on the server that causes processes to run on a remote UCD agent machine. The IBM advisory lists affected versions (6.0–6.2.x) and provides fixes: upgrade to 6.2.3 (for 6.2.x) or 6.1.3.4 ...
CVE-2016-9008
IBM UrbanCode Deploy contains a vulnerability where a malicious user could access the Agent Relay ActiveMQ Broker JMX interface and run plugins on the agent. Public details indicate a network-exposed vector with no authentication, high integrity impact, but the provided sources do not specify a f...
CVE-2016-2941
The CVE-2016-2941 entry impacts IBM UrbanCode Deploy. Affected behavior is that during step execution, the product creates temporary files which may contain sensitive information, including passwords, that could be read by a local user. The documents do not provide specifics on vulnerable version...
CVE-2016-0320
IBM UrbanCode Deploy could allow an authenticated user to modify Ucd objects due to multiple REST endpoints not properly authorizing users editing UCD objects. This could affect the behavior of legitimately triggered processes...
CVE-2016-8938
IBM UrbanCode Deploy could allow a user to execute code using a specially crafted file upload that would replace code on the server. This code could be executed on the UCD agent machines that host customer's production applications...
CVE-2016-8938
CVE-2016-8938 affects IBM UrbanCode Deploy (UCD). The vulnerability allows remote code execution via a crafted file upload that replaces server code, with potential execution on UCD agent machines hosting production apps. IBM’s advisory lists affected versions (e.g., 6.0.x, 6.1.x, 6.2.x lines) an...
IBM UrbanCode Deploy Security Bypass Vulnerability
IBM UrbanCode Deploy UCD is a set of application automation deployment tools from IBM in the United States. The tool is based on an application deployment automation management information model, and through remote agent technology, to realize the complex application in different environments, su...
IBM UrbanCode Deploy Information Disclosure Vulnerability (CNVD-2017-00171)
IBM UrbanCode Deploy is a set of application automation deployment tools from IBM in the United States. IBM UrbanCode Deploy has an information disclosure vulnerability. Allowing an attacker could exploit the vulnerability to access sensitive information...
IBM UrbanCode Deploy Remote Code Execution Vulnerability
IBM UrbanCode Deploy is a set of application automation deployment tools from IBM in the United States. A remote code execution vulnerability exists in IBM UrbanCode Deploy. Allows an attacker to exploit the vulnerability to execute arbitrary code in the context of the affected application...
CVE-2016-2994
Cross-site scripting XSS vulnerability in IBM UrbanCode Deploy 6.2.x before 6.2.1.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
CVE-2016-2994
Cross-site scripting XSS vulnerability in IBM UrbanCode Deploy 6.2.x before 6.2.1.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
CVE-2016-2994
Cross-site scripting XSS vulnerability in IBM UrbanCode Deploy 6.2.x before 6.2.1.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Cross-site scripting XSS vulnerability in IBM UrbanCode Deploy 6.2.x before 6.2.1.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
CVE-2016-2994
Cross-site scripting XSS vulnerability in IBM UrbanCode Deploy 6.2.x before 6.2.1.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
CVE-2016-2994
CVE-2016-2994 describes a Cross-site scripting (XSS) vulnerability in IBM UrbanCode Deploy 6.2.x prior to 6.2.1.2. The issue allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. The root cause is related to vulnerable input handling in the 6.2.x line, ...