CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2023-42013 – IBM UrbanCode Deploy information disclosure
https://notcve.org/view.php?id=CVE-2023-42013
19 Dec 2023 — IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 265510. IBM UrbanCode Deploy (UCD) 7.1 a 7.1.2.14, 7.2 a 7.2.3.7 y 7.3 a 7.3.2.2 podría permitir a un atacante remoto obtener información confidencial cuando se devuelve un mensaje de error técnico deta... • https://exchange.xforce.ibmcloud.com/vulnerabilities/265510 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2023-42015 – IBM UrbanCode Deploy HTML injection
https://notcve.org/view.php?id=CVE-2023-42015
19 Dec 2023 — IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. IBM X-Force ID: 265512. IBM UrbanCode Deploy (UCD) 7.1 a 7.1.2.14, 7.2 a 7.2.3.7 y 7.3 a 7.3.2.2 es vulnerable a la inyección de HTML. Esta vulnerabilidad puede permitir que un usuario incruste etiquetas HTML arbitrarias en la interfaz de usuario we... • https://exchange.xforce.ibmcloud.com/vulnerabilities/265512 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-40376 – IBM UrbanCode Deploy (UCD) improper authentication controls
https://notcve.org/view.php?id=CVE-2023-40376
04 Oct 2023 — IBM UrbanCode Deploy (UCD) 7.1 - 7.1.2.12, 7.2 through 7.2.3.5, and 7.3 through 7.3.2.0 under certain configurations could allow an authenticated user to make changes to environment variables due to improper authentication controls. IBM X-Force ID: 263581. IBM UrbanCode Deploy (UCD) versiones 7.1 - 7.1.2.12, 7.2 a 7.2.3.5 y 7.3 a 7.3.2.0 en determinadas configuraciones podría permitir que un usuario autenticado realice cambios en las variables de entorno debido a controles de autenticación inadecuados. ID d... • https://exchange.xforce.ibmcloud.com/vulnerabilities/263581 • CWE-287: Improper Authentication CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-43877 – IBM UrbanCode Deploy (UCD) information disclosure
https://notcve.org/view.php?id=CVE-2022-43877
06 May 2023 — IBM UrbanCode Deploy (UCD) versions up to 7.3.0.1 could disclose sensitive password information during a manual edit of the agentrelay.properties file. IBM X-Force ID: 240148. • https://exchange.xforce.ibmcloud.com/vulnerabilities/240148 • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-46771 – IBM UrbanCode Deploy (UCD) cross-site scripting
https://notcve.org/view.php?id=CVE-2022-46771
20 Dec 2022 — IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.18, 7.0.5.0 through 7.0.5.13, 7.1.0.0 through 7.1.2.9, 7.2.0.0 through 7.2.3.2 and 7.3.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 242273. IBM UrbanCode Deploy (UCD) 6.2.0.0 a 6.2.7.18, 7.0.5.0 a 7.0.5.13, 7.1.0.0 a 7.1.2.9, 7.2.0.0 a 7.2.3.2 y 7.3.0.0 e... • https://exchange.xforce.ibmcloud.com/vulnerabilities/242273 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-40751 – IBM UrbanCode Deploy information disclosure
https://notcve.org/view.php?id=CVE-2022-40751
17 Nov 2022 — IBM UrbanCode Deploy (UCD) 6.2.7.0 through 6.2.7.17, 7.0.0.0 through 7.0.5.12, 7.1.0.0 through 7.1.2.8, and 7.2.0.0 through 7.2.3.1 could allow a user with administrative privileges including "Manage Security" permissions may be able to recover a credential previously saved for performing authenticated LDAP searches. IBM X-Force ID: 236601. IBM UrbanCode Deploy (UCD) 6.2.7.0 a 6.2.7.17, 7.0.0.0 a 7.0.5.12, 7.1.0.0 a 7.1.2.8 y 7.2.0.0 a 7.2.3.1 podría permitir a un usuario con privilegios administrativos, in... • https://exchange.xforce.ibmcloud.com/vulnerabilities/236601 • CWE-522: Insufficiently Protected Credentials •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-35716
https://notcve.org/view.php?id=CVE-2022-35716
31 Jul 2022 — IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.16, 7.0.0.0 through 7.0.5.11, 7.1.0.0 through 7.1.2.7, and 7.2.0.0 through 7.2.3.0 could allow an authenticated user to obtain sensitive information in some instances due to improper security checking. IBM X-Force ID: 231360. IBM UrbanCode Deploy (UCD) versiones 6.2.0.0 hasta 6.2.7.16, 7.0.0 hasta 7.0.5.11, 7.1.0.0 hasta 7.1.2.7 y 7.2.0.0 hasta 7.2.3.0, podrían permitir a un usuario autenticado obtener información confidencial en algunos casos debido a una co... • https://exchange.xforce.ibmcloud.com/vulnerabilities/231360 • CWE-863: Incorrect Authorization •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-22367
https://notcve.org/view.php?id=CVE-2022-22367
01 Jul 2022 — IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 could disclose sensitive database information to a local user in plain text. IBM X-Force ID: 221008. IBM UrbanCode Deploy (UCD) versiones 6.2.7.15, 7.0.5.10, 7.1.2.6 y 7.2.2.1, podría divulgar información confidencial de la base de datos a un usuario local en texto plano. IBM X-Force ID: 221008 • https://exchange.xforce.ibmcloud.com/vulnerabilities/221008 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 4.9EPSS: 0%CPEs: 4EXPL: 0CVE-2022-22366
https://notcve.org/view.php?id=CVE-2022-22366
01 Jul 2022 — IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 22106. IBM UrbanCode Deploy (UCD) versiones 6.2.7.15, 7.0.5.10, 7.1.2.6 y 7.2.2.1, almacena credenciales de usuario en texto sin cifrar que puede leer un usuario local. IBM X-Force ID: 22106 • https://exchange.xforce.ibmcloud.com/vulnerabilities/221006 • CWE-312: Cleartext Storage of Sensitive Information •