CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2024-22359 – IBM UrbanCode Deploy cross-site scripting
https://notcve.org/view.php?id=CVE-2024-22359
12 Apr 2024 — IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 280897. IBM UrbanCode Deploy (UCD) 7.0 a 7.0.5.20, 7.1 a 7.1.2.16, 7.2 a 7.2.3.9, 7.3 a 7.3.2.4 e IBM DevOps... • https://exchange.xforce.ibmcloud.com/vulnerabilities/280897 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.2EPSS: 0%CPEs: 5EXPL: 0CVE-2024-22331 – IBM UrbanCode Deploy information disclosure
https://notcve.org/view.php?id=CVE-2024-22331
06 Feb 2024 — IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.19, 7.1 through 7.1.2.15, 7.2 through 7.2.3.8, 7.3 through 7.3.2.3, and IBM UrbanCode Deploy (UCD) - IBM DevOps Deploy 8.0.0.0 could disclose sensitive user information when installing the Windows agent. IBM X-Force ID: 279971. IBM UrbanCode Deploy (UCD) 7.0 a 7.0.5.19, 7.1 a 7.1.2.15, 7.2 a 7.2.3.8, 7.3 a 7.3.2.3 e IBM UrbanCode Deploy (UCD): IBM DevOps Deploy 8.0.0.0 podría revelar información confidencial del usuario cuando instalar el agente de Windows. ID de... • https://exchange.xforce.ibmcloud.com/vulnerabilities/279971 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-47161 – IBM UrbanCode Deploy denial of service
https://notcve.org/view.php?id=CVE-2023-47161
19 Dec 2023 — IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 may mishandle input validation of an uploaded archive file leading to a denial of service due to resource exhaustion. IBM X-Force ID: 270799. IBM UrbanCode Deploy (UCD) 7.1 a 7.1.2.14, 7.2 a 7.2.3.7 y 7.3 a 7.3.2.2 puede manejar mal la validación de entrada de un archivo cargado, lo que lleva a una denegación de servicio debido al agotamiento de los recursos. ID de IBM X-Force: 270799. • https://exchange.xforce.ibmcloud.com/vulnerabilities/270799 • CWE-20: Improper Input Validation •
CVSS: 6.2EPSS: 0%CPEs: 2EXPL: 0CVE-2023-42012 – IBM UrbanCode Deploy denial of service
https://notcve.org/view.php?id=CVE-2023-42012
19 Dec 2023 — An IBM UrbanCode Deploy Agent 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 installed as a Windows service in a non-standard location could be subject to a denial of service attack by local accounts. IBM X-Force ID: 265509. IBM UrbanCode Deploy Agent 7.2 a 7.2.3.7 y 7.3 a 7.3.2.2 instalado como un servicio de Windows en una ubicación no estándar podría estar sujeto a un ataque de denegación de servicio por parte de cuentas locales. ID de IBM X-Force: 265509. • https://exchange.xforce.ibmcloud.com/vulnerabilities/265509 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2023-42013 – IBM UrbanCode Deploy information disclosure
https://notcve.org/view.php?id=CVE-2023-42013
19 Dec 2023 — IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 265510. IBM UrbanCode Deploy (UCD) 7.1 a 7.1.2.14, 7.2 a 7.2.3.7 y 7.3 a 7.3.2.2 podría permitir a un atacante remoto obtener información confidencial cuando se devuelve un mensaje de error técnico deta... • https://exchange.xforce.ibmcloud.com/vulnerabilities/265510 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2023-42015 – IBM UrbanCode Deploy HTML injection
https://notcve.org/view.php?id=CVE-2023-42015
19 Dec 2023 — IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. IBM X-Force ID: 265512. IBM UrbanCode Deploy (UCD) 7.1 a 7.1.2.14, 7.2 a 7.2.3.7 y 7.3 a 7.3.2.2 es vulnerable a la inyección de HTML. Esta vulnerabilidad puede permitir que un usuario incruste etiquetas HTML arbitrarias en la interfaz de usuario we... • https://exchange.xforce.ibmcloud.com/vulnerabilities/265512 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-40376 – IBM UrbanCode Deploy (UCD) improper authentication controls
https://notcve.org/view.php?id=CVE-2023-40376
04 Oct 2023 — IBM UrbanCode Deploy (UCD) 7.1 - 7.1.2.12, 7.2 through 7.2.3.5, and 7.3 through 7.3.2.0 under certain configurations could allow an authenticated user to make changes to environment variables due to improper authentication controls. IBM X-Force ID: 263581. IBM UrbanCode Deploy (UCD) versiones 7.1 - 7.1.2.12, 7.2 a 7.2.3.5 y 7.3 a 7.3.2.0 en determinadas configuraciones podría permitir que un usuario autenticado realice cambios en las variables de entorno debido a controles de autenticación inadecuados. ID d... • https://exchange.xforce.ibmcloud.com/vulnerabilities/263581 • CWE-287: Improper Authentication CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-43877 – IBM UrbanCode Deploy (UCD) information disclosure
https://notcve.org/view.php?id=CVE-2022-43877
06 May 2023 — IBM UrbanCode Deploy (UCD) versions up to 7.3.0.1 could disclose sensitive password information during a manual edit of the agentrelay.properties file. IBM X-Force ID: 240148. • https://exchange.xforce.ibmcloud.com/vulnerabilities/240148 • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-46771 – IBM UrbanCode Deploy (UCD) cross-site scripting
https://notcve.org/view.php?id=CVE-2022-46771
20 Dec 2022 — IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.18, 7.0.5.0 through 7.0.5.13, 7.1.0.0 through 7.1.2.9, 7.2.0.0 through 7.2.3.2 and 7.3.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 242273. IBM UrbanCode Deploy (UCD) 6.2.0.0 a 6.2.7.18, 7.0.5.0 a 7.0.5.13, 7.1.0.0 a 7.1.2.9, 7.2.0.0 a 7.2.3.2 y 7.3.0.0 e... • https://exchange.xforce.ibmcloud.com/vulnerabilities/242273 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •