Ibm

Urbancode Deploy

63 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.5

CVE-2020-4944

  • EPSS 0.02%
  • Veröffentlicht 30.03.2021 16:15:14
  • Zuletzt bearbeitet 21.11.2024 05:33:27

IBM UrbanCode Deploy (UCD) 7.0.3.0, 7.0.4.0, 7.0.5.3, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2, stores keystore passwords in plain text after a manual edit, which can be read by a local user. IBM X-Force ID: 191944.

5.5

CVE-2020-4884

  • EPSS 0.02%
  • Veröffentlicht 30.03.2021 16:15:14
  • Zuletzt bearbeitet 21.11.2024 05:33:22

IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 190908.

4.3

CVE-2020-4484

  • EPSS 0.12%
  • Veröffentlicht 06.11.2020 14:15:17
  • Zuletzt bearbeitet 21.11.2024 05:32:47

IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could disclose sensitive information to an authenticated user that could be used in further attacks against the system. IBM X-Force ID: 181858.

4.3

CVE-2020-4483

  • EPSS 0.11%
  • Veröffentlicht 06.11.2020 14:15:17
  • Zuletzt bearbeitet 21.11.2024 05:32:47

IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks agai...

6.5

CVE-2020-4482

  • EPSS 0.13%
  • Veröffentlicht 06.11.2020 14:15:17
  • Zuletzt bearbeitet 21.11.2024 05:32:47

IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could allow an authenticated user to bypass security. A user with access to a snapshot could apply unauthorized additional statuses via direct rest calls. IBM X-Force ID: 181856.

8.2

CVE-2020-4481

  • EPSS 0.43%
  • Veröffentlicht 05.08.2020 14:15:13
  • Zuletzt bearbeitet 21.11.2024 05:32:47

IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume m...

5.9

CVE-2019-4667

  • EPSS 0.11%
  • Veröffentlicht 11.05.2020 18:15:11
  • Zuletzt bearbeitet 21.11.2024 04:43:56

IBM UrbanCode Deploy (UCD) 7.0.5.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information us...

8.8

CVE-2020-4202

  • EPSS 0.23%
  • Veröffentlicht 23.04.2020 15:15:14
  • Zuletzt bearbeitet 21.11.2024 05:32:23

IBM UrbanCode Deploy (UCD) 7.0.3.0 and 7.0.4.0 could allow an authenticated user to impersonate another user if the server is configured to enable Distributed Front End (DFE). IBM X-Force ID: 174955.

5.5

CVE-2019-4668

  • EPSS 0.04%
  • Veröffentlicht 23.04.2020 15:15:12
  • Zuletzt bearbeitet 21.11.2024 04:43:57

IBM UrbanCode Deploy (UCD) 7.0.4.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 171250.

4.3

CVE-2020-4260

  • EPSS 0.12%
  • Veröffentlicht 16.04.2020 16:15:13
  • Zuletzt bearbeitet 21.11.2024 05:32:28

IBM UrbanCode Deploy (UCD) 7.0.5 could allow a user with special permissions to obtain sensitive information via generic processes. IBM X-Force ID: 175639.