Urbancode Deploy Security Vulnerabilities and Issues — Urbancode Deploy CVE List

Lucene search

IbmUrbancode Deploy

16 matches found

CVE•added 2022/07/01 6:15 p.m.•69 views

CVE-2022-22366

IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 22106.

4.9CVSS4.3AI score0.00046EPSS

CVE•added 2022/11/17 5:15 p.m.•59 views

CVE-2022-40751

IBM UrbanCode Deploy (UCD) 6.2.7.0 through 6.2.7.17, 7.0.0.0 through 7.0.5.12, 7.1.0.0 through 7.1.2.8, and 7.2.0.0 through 7.2.3.1 could allow a user with administrative privileges including "Manage Security" permissions may be able to recover a credential previously saved for performing authentic...

4.9CVSS4.9AI score0.00033EPSS

CVE•added 2022/12/20 8:15 p.m.•53 views

CVE-2022-46771

IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.18, 7.0.5.0 through 7.0.5.13, 7.1.0.0 through 7.1.2.9, 7.2.0.0 through 7.2.3.2 and 7.3.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionalit...

4.6CVSS4.5AI score0.00135EPSS

CVE•added 2024/04/12 5:17 p.m.•52 views

CVE-2024-22334

IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type. When deleting a custom security type, ...

4.4CVSS4.6AI score0.00029EPSS

CVE•added 2024/04/12 5:17 p.m.•47 views

CVE-2024-22339

IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 is vulnerable to a sensitive information due to insufficient obfuscation of sensitive values from some log files. IBM X-Force ID: 279979.

4.3CVSS5.9AI score0.0006EPSS

CVE•added 2016/07/01 1:59 a.m.•46 views

CVE-2016-0364

IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 does not properly implement a logging-obfuscation feature for secure properties, which allows remote authenticated users to obtain sensitive information via vectors involving special characters.

4.3CVSS4AI score0.00155EPSS

CVE•added 2020/11/06 2:15 p.m.•44 views

CVE-2020-4484

IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could disclose sensitive information to an authenticated user that could be used in further attacks against the system. IBM X-Force ID: 181858.

4.3CVSS4.1AI score0.00119EPSS

CVE•added 2025/02/08 5:15 p.m.•44 views

CVE-2024-54176

IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 and IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14 and 7.3 through 7.3.2 could allow an authenticated user to obtain sensitive information about other users on the system due to missing authoriza...

4.3CVSS6AI score0.00033EPSS

CVE•added 2017/02/01 10:59 p.m.•42 views

CVE-2016-0320

IBM UrbanCode Deploy could allow an authenticated user to modify Ucd objects due to multiple REST endpoints not properly authorizing users editing UCD objects. This could affect the behavior of legitimately triggered processes.

4.3CVSS4.8AI score0.00125EPSS

CVE•added 2018/05/25 2:29 p.m.•40 views

CVE-2017-1752

IBM UrbanCode Deploy 6.1 and 6.2 could allow an authenticated privileged user to obtain highly sensitive information. IBM X-Force ID: 135547.

4.9CVSS4.7AI score0.00286EPSS

CVE•added 2014/09/10 10:55 a.m.•39 views

CVE-2014-6074

IBM UrbanCode Deploy 6.1.0.2 before IF1 allows remote authenticated users to read keystore secret keys via a direct request to a UI page.

4CVSS6.1AI score0.00179EPSS

CVE•added 2018/08/30 4:29 p.m.•39 views

CVE-2016-0373

IBM UrbanCode Deploy 6.0 through 6.2.2.1 could allow an authenticated user to read sensitive information due to UCD REST endpoints not properly authorizing users when determining who can read data. IBM X-Force ID: 112119.

4.3CVSS4AI score0.00102EPSS

CVE•added 2021/07/08 4:15 p.m.•36 views

CVE-2021-29711

IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 6.2.7.8 , 6.2.7.9, 7.0.3.0, 7.0.4.0, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2 could allow an authenticated user with certain permissions to initiate an agent upgrade through the CLI interface. IBM X-Force ID: 200965.

4.9CVSS4.3AI score0.00083EPSS

CVE•added 2020/04/16 4:15 p.m.•31 views

CVE-2020-4260

IBM UrbanCode Deploy (UCD) 7.0.5 could allow a user with special permissions to obtain sensitive information via generic processes. IBM X-Force ID: 175639.

4.3CVSS4.1AI score0.00118EPSS

CVE•added 2020/11/06 2:15 p.m.•29 views

CVE-2020-4483

IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181857.

4.3CVSS4.2AI score0.00107EPSS

CVE•added 2023/12/19 3:15 a.m.•28 views

CVE-2023-42015

IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. IBM X-Force ID: 265512.

4.3CVSS4.5AI score0.00058EPSS