Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Urbancode_deploy
(Ibm)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 56 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-04-12 | CVE-2024-22334 | IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type. When deleting a custom security type, associated permissions of objects using that type may not be fully revoked. This could lead to incorrect reporting of permission configuration and unexpected privileges being retained. IBM... | Devops_deploy, Urbancode_deploy | 4.4 | ||
| 2024-04-12 | CVE-2024-22339 | IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 is vulnerable to a sensitive information due to insufficient obfuscation of sensitive values from some log files. IBM X-Force ID: 279979. | Devops_deploy, Urbancode_deploy | 4.3 | ||
| 2024-04-12 | CVE-2024-22358 | IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 280896. | Devops_deploy, Urbancode_deploy | 8.8 | ||
| 2024-04-12 | CVE-2024-22359 | IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 280897. | Devops_deploy, Urbancode_deploy | 6.1 | ||
| 2025-01-21 | CVE-2024-45091 | IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.24, 7.1 through 7.1.2.10, and 7.2 through 7.2.3.13 stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs. | Urbancode_deploy | 5.5 | ||
| 2023-05-06 | CVE-2022-43877 | IBM UrbanCode Deploy (UCD) versions up to 7.3.0.1 could disclose sensitive password information during a manual edit of the agentrelay.properties file. IBM X-Force ID: 240148. | Urbancode_deploy | 5.1 | ||
| 2024-05-14 | CVE-2024-28781 | IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4, and 8.0 through 8.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285654. | Devops_deploy, Urbancode_deploy | 5.4 | ||
| 2020-04-16 | CVE-2020-4260 | IBM UrbanCode Deploy (UCD) 7.0.5 could allow a user with special permissions to obtain sensitive information via generic processes. IBM X-Force ID: 175639. | Urbancode_deploy | 4.3 | ||
| 2020-04-23 | CVE-2020-4202 | IBM UrbanCode Deploy (UCD) 7.0.3.0 and 7.0.4.0 could allow an authenticated user to impersonate another user if the server is configured to enable Distributed Front End (DFE). IBM X-Force ID: 174955. | Urbancode_deploy | 8.8 | ||
| 2020-08-05 | CVE-2020-4481 | IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181848. | Urbancode_deploy | 8.2 |