Urbancode Deploy@6.1.1.0 Security Vulnerabilities and Issues — Urbancode Deploy@6.1.1.0 CVE List

Lucene search

IbmUrbancode Deploy6.1.1.0

8 matches found

CVE•added 2016/07/01 1:59 a.m.•46 views

CVE-2016-0364

IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 does not properly implement a logging-obfuscation feature for secure properties, which allows remote authenticated users to obtain sensitive information via vectors involving special characters.

4.3CVSS4AI score0.00155EPSS

CVE•added 2016/07/08 1:59 a.m.•42 views

CVE-2016-0271

The agents in IBM UrbanCode Deploy 6.x before 6.0.1.14, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 do not verify a server's identity in a JMS session or an HTTP session, which allows local users to obtain root access to arbitrary agents via unspecified vectors.

8.2CVSS7.6AI score0.00038EPSS

CVE•added 2016/01/01 5:59 a.m.•39 views

CVE-2015-7415

Multiple cross-site scripting (XSS) vulnerabilities in IBM UrbanCode Deploy 6.0 before 6.0.1.12, 6.1 before 6.1.3.2, and 6.2 before 6.2.0.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

5.4CVSS5AI score0.00168EPSS

CVE•added 2017/04/25 6:59 p.m.•39 views

CVE-2017-1149

IBM UrbanCode Deploy (UCD) 6.0, 6.1, and 6.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IB...

8.1CVSS8AI score0.00359EPSS

CVE•added 2018/01/09 8:29 p.m.•39 views

CVE-2017-1493

IBM UrbanCode Deploy (UCD) 6.1 and 6.2 could allow an authenticated user to edit objects that they should not have access to due to improper access controls. IBM X-Force ID: 128691.

5.5CVSS5.3AI score0.00135EPSS

CVE•added 2016/07/01 1:59 a.m.•35 views

CVE-2016-0365

IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1, when agent-relay Codestation artifact caching is enabled, allows remote attackers to bypass authentication and obtain sensitive artifact information via unspecified vectors.

5.9CVSS5.7AI score0.00188EPSS

CVE•added 2016/06/29 1:59 a.m.•34 views

CVE-2016-0267

IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 allows remote authenticated users to obtain sensitive cleartext secure-property information via (1) the server UI or (2) a database request.

7.7CVSS6.9AI score0.00202EPSS

CVE•added 2015/10/06 1:59 a.m.•31 views

CVE-2015-4964

IBM UrbanCode Deploy 6.0 and 6.0.1.x before 6.0.1.10, 6.1.1.x before 6.1.1.8, and 6.1.2 writes admin AUTH_TOKEN values to execution logs, which allows remote authenticated users to gain privileges by leveraging the ability to create and execute a process.

6CVSS6.8AI score0.01835EPSS