CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2023-42015 – IBM UrbanCode Deploy HTML injection
https://notcve.org/view.php?id=CVE-2023-42015
19 Dec 2023 — IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. IBM X-Force ID: 265512. IBM UrbanCode Deploy (UCD) 7.1 a 7.1.2.14, 7.2 a 7.2.3.7 y 7.3 a 7.3.2.2 es vulnerable a la inyección de HTML. Esta vulnerabilidad puede permitir que un usuario incruste etiquetas HTML arbitrarias en la interfaz de usuario we... • https://exchange.xforce.ibmcloud.com/vulnerabilities/265512 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-40376 – IBM UrbanCode Deploy (UCD) improper authentication controls
https://notcve.org/view.php?id=CVE-2023-40376
04 Oct 2023 — IBM UrbanCode Deploy (UCD) 7.1 - 7.1.2.12, 7.2 through 7.2.3.5, and 7.3 through 7.3.2.0 under certain configurations could allow an authenticated user to make changes to environment variables due to improper authentication controls. IBM X-Force ID: 263581. IBM UrbanCode Deploy (UCD) versiones 7.1 - 7.1.2.12, 7.2 a 7.2.3.5 y 7.3 a 7.3.2.0 en determinadas configuraciones podría permitir que un usuario autenticado realice cambios en las variables de entorno debido a controles de autenticación inadecuados. ID d... • https://exchange.xforce.ibmcloud.com/vulnerabilities/263581 • CWE-287: Improper Authentication CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-43877 – IBM UrbanCode Deploy (UCD) information disclosure
https://notcve.org/view.php?id=CVE-2022-43877
06 May 2023 — IBM UrbanCode Deploy (UCD) versions up to 7.3.0.1 could disclose sensitive password information during a manual edit of the agentrelay.properties file. IBM X-Force ID: 240148. • https://exchange.xforce.ibmcloud.com/vulnerabilities/240148 • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-46771 – IBM UrbanCode Deploy (UCD) cross-site scripting
https://notcve.org/view.php?id=CVE-2022-46771
20 Dec 2022 — IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.18, 7.0.5.0 through 7.0.5.13, 7.1.0.0 through 7.1.2.9, 7.2.0.0 through 7.2.3.2 and 7.3.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 242273. IBM UrbanCode Deploy (UCD) 6.2.0.0 a 6.2.7.18, 7.0.5.0 a 7.0.5.13, 7.1.0.0 a 7.1.2.9, 7.2.0.0 a 7.2.3.2 y 7.3.0.0 e... • https://exchange.xforce.ibmcloud.com/vulnerabilities/242273 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •