Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Urbancode_deploy
(Ibm)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 57 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-04-25 | CVE-2017-1149 | IBM UrbanCode Deploy (UCD) 6.0, 6.1, and 6.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM X-Force ID: 122202. | Urbancode_deploy | 8.1 | ||
| 2017-02-01 | CVE-2016-9008 | IBM UrbanCode Deploy could allow a malicious user to access the Agent Relay ActiveMQ Broker JMX interface and run plugins on the agent. | Urbancode_deploy | 7.5 | ||
| 2017-03-08 | CVE-2016-9006 | IBM UrbanCode Deploy 6.1 and 6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: C1000264. | Urbancode_deploy | 5.4 | ||
| 2017-02-01 | CVE-2016-8938 | IBM UrbanCode Deploy could allow a user to execute code using a specially crafted file upload that would replace code on the server. This code could be executed on the UCD agent machines that host customer's production applications. | Urbancode_deploy | 10.0 | ||
| 2017-02-01 | CVE-2016-6068 | IBM UrbanCode Deploy could allow an authenticated user with access to the REST endpoints to access API and CLI getResource secured role properties. | Urbancode_deploy | 7.5 | ||
| 2016-12-01 | CVE-2016-2994 | Cross-site scripting (XSS) vulnerability in IBM UrbanCode Deploy 6.2.x before 6.2.1.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | Urbancode_deploy | 5.4 | ||
| 2017-02-01 | CVE-2016-2942 | IBM UrbanCode Deploy could allow an authenticated attacker with special permissions to craft a script on the server in a way that will cause processes to run on a remote UCD agent machine. | Urbancode_deploy | 7.5 | ||
| 2017-02-01 | CVE-2016-2941 | IBM UrbanCode Deploy creates temporary files during step execution that could contain sensitive information including passwords that could be read by a local user. | Urbancode_deploy | 5.5 | ||
| 2016-06-30 | CVE-2016-0365 | IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1, when agent-relay Codestation artifact caching is enabled, allows remote attackers to bypass authentication and obtain sensitive artifact information via unspecified vectors. | Urbancode_deploy | 5.9 | ||
| 2016-06-30 | CVE-2016-0364 | IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 does not properly implement a logging-obfuscation feature for secure properties, which allows remote authenticated users to obtain sensitive information via vectors involving special characters. | Urbancode_deploy | 4.3 |