Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Urbancode_deploy
(Ibm)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 50 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-01-09 | CVE-2017-1493 | IBM UrbanCode Deploy (UCD) 6.1 and 6.2 could allow an authenticated user to edit objects that they should not have access to due to improper access controls. IBM X-Force ID: 128691. | Urbancode_deploy | 5.4 | ||
| 2018-05-25 | CVE-2017-1752 | IBM UrbanCode Deploy 6.1 and 6.2 could allow an authenticated privileged user to obtain highly sensitive information. IBM X-Force ID: 135547. | Urbancode_deploy | 4.9 | ||
| 2018-08-13 | CVE-2017-1286 | Sensitive information about the configuration of the IBM UrbanCode Deploy 6.1 through 6.9.6.0 server and database can be obtained by a user who has been given elevated permissions in the UI, even after those elevated permissions have been revoked. IBM X-Force ID: 125147. | Urbancode_deploy | 6.5 | ||
| 2017-04-25 | CVE-2017-1149 | IBM UrbanCode Deploy (UCD) 6.0, 6.1, and 6.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM X-Force ID: 122202. | Urbancode_deploy | 8.1 | ||
| 2017-02-01 | CVE-2016-9008 | IBM UrbanCode Deploy could allow a malicious user to access the Agent Relay ActiveMQ Broker JMX interface and run plugins on the agent. | Urbancode_deploy | 7.5 | ||
| 2017-03-08 | CVE-2016-9006 | IBM UrbanCode Deploy 6.1 and 6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: C1000264. | Urbancode_deploy | 5.4 | ||
| 2017-02-01 | CVE-2016-8938 | IBM UrbanCode Deploy could allow a user to execute code using a specially crafted file upload that would replace code on the server. This code could be executed on the UCD agent machines that host customer's production applications. | Urbancode_deploy | 10.0 | ||
| 2017-02-01 | CVE-2016-6068 | IBM UrbanCode Deploy could allow an authenticated user with access to the REST endpoints to access API and CLI getResource secured role properties. | Urbancode_deploy | 7.5 | ||
| 2016-12-01 | CVE-2016-2994 | Cross-site scripting (XSS) vulnerability in IBM UrbanCode Deploy 6.2.x before 6.2.1.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | Urbancode_deploy | 5.4 | ||
| 2017-02-01 | CVE-2016-2942 | IBM UrbanCode Deploy could allow an authenticated attacker with special permissions to craft a script on the server in a way that will cause processes to run on a remote UCD agent machine. | Urbancode_deploy | 7.5 |