CVE-2024-22331 – IBM UrbanCode Deploy information disclosure
https://notcve.org/view.php?id=CVE-2024-22331
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.19, 7.1 through 7.1.2.15, 7.2 through 7.2.3.8, 7.3 through 7.3.2.3, and IBM UrbanCode Deploy (UCD) - IBM DevOps Deploy 8.0.0.0 could disclose sensitive user information when installing the Windows agent. IBM X-Force ID: 279971. IBM UrbanCode Deploy (UCD) 7.0 a 7.0.5.19, 7.1 a 7.1.2.15, 7.2 a 7.2.3.8, 7.3 a 7.3.2.3 e IBM UrbanCode Deploy (UCD): IBM DevOps Deploy 8.0.0.0 podría revelar información confidencial del usuario cuando instalar el agente de Windows. ID de IBM X-Force: 279971. • https://exchange.xforce.ibmcloud.com/vulnerabilities/279971 https://www.ibm.com/support/pages/node/7114131 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2023-47161 – IBM UrbanCode Deploy denial of service
https://notcve.org/view.php?id=CVE-2023-47161
IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 may mishandle input validation of an uploaded archive file leading to a denial of service due to resource exhaustion. IBM X-Force ID: 270799. IBM UrbanCode Deploy (UCD) 7.1 a 7.1.2.14, 7.2 a 7.2.3.7 y 7.3 a 7.3.2.2 puede manejar mal la validación de entrada de un archivo cargado, lo que lleva a una denegación de servicio debido al agotamiento de los recursos. ID de IBM X-Force: 270799. • https://exchange.xforce.ibmcloud.com/vulnerabilities/270799 https://www.ibm.com/support/pages/node/7096552 • CWE-20: Improper Input Validation •
CVE-2023-42013 – IBM UrbanCode Deploy information disclosure
https://notcve.org/view.php?id=CVE-2023-42013
IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 265510. IBM UrbanCode Deploy (UCD) 7.1 a 7.1.2.14, 7.2 a 7.2.3.7 y 7.3 a 7.3.2.2 podría permitir a un atacante remoto obtener información confidencial cuando se devuelve un mensaje de error técnico detallado en el navegador. Esta información podría usarse en futuros ataques contra el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/265510 https://www.ibm.com/support/pages/node/7096547 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVE-2023-42015 – IBM UrbanCode Deploy HTML injection
https://notcve.org/view.php?id=CVE-2023-42015
IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. IBM X-Force ID: 265512. IBM UrbanCode Deploy (UCD) 7.1 a 7.1.2.14, 7.2 a 7.2.3.7 y 7.3 a 7.3.2.2 es vulnerable a la inyección de HTML. Esta vulnerabilidad puede permitir que un usuario incruste etiquetas HTML arbitrarias en la interfaz de usuario web, lo que podría provocar la divulgación de información confidencial. • https://exchange.xforce.ibmcloud.com/vulnerabilities/265512 https://www.ibm.com/support/pages/node/7096546 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-40376 – IBM UrbanCode Deploy (UCD) improper authentication controls
https://notcve.org/view.php?id=CVE-2023-40376
IBM UrbanCode Deploy (UCD) 7.1 - 7.1.2.12, 7.2 through 7.2.3.5, and 7.3 through 7.3.2.0 under certain configurations could allow an authenticated user to make changes to environment variables due to improper authentication controls. IBM X-Force ID: 263581. IBM UrbanCode Deploy (UCD) versiones 7.1 - 7.1.2.12, 7.2 a 7.2.3.5 y 7.3 a 7.3.2.0 en determinadas configuraciones podría permitir que un usuario autenticado realice cambios en las variables de entorno debido a controles de autenticación inadecuados. ID de IBM X-Force: 263581. • https://exchange.xforce.ibmcloud.com/vulnerabilities/263581 https://www.ibm.com/support/pages/node/7037230 • CWE-287: Improper Authentication CWE-862: Missing Authorization •