CVE-2023-40376 – IBM UrbanCode Deploy (UCD) improper authentication controls
https://notcve.org/view.php?id=CVE-2023-40376
IBM UrbanCode Deploy (UCD) 7.1 - 7.1.2.12, 7.2 through 7.2.3.5, and 7.3 through 7.3.2.0 under certain configurations could allow an authenticated user to make changes to environment variables due to improper authentication controls. IBM X-Force ID: 263581. IBM UrbanCode Deploy (UCD) versiones 7.1 - 7.1.2.12, 7.2 a 7.2.3.5 y 7.3 a 7.3.2.0 en determinadas configuraciones podría permitir que un usuario autenticado realice cambios en las variables de entorno debido a controles de autenticación inadecuados. ID de IBM X-Force: 263581. • https://exchange.xforce.ibmcloud.com/vulnerabilities/263581 https://www.ibm.com/support/pages/node/7037230 • CWE-287: Improper Authentication CWE-862: Missing Authorization •
CVE-2022-43877 – IBM UrbanCode Deploy (UCD) information disclosure
https://notcve.org/view.php?id=CVE-2022-43877
IBM UrbanCode Deploy (UCD) versions up to 7.3.0.1 could disclose sensitive password information during a manual edit of the agentrelay.properties file. IBM X-Force ID: 240148. • https://exchange.xforce.ibmcloud.com/vulnerabilities/240148 https://www.ibm.com/support/pages/node/6967351 • CWE-922: Insecure Storage of Sensitive Information •
CVE-2022-46771 – IBM UrbanCode Deploy (UCD) cross-site scripting
https://notcve.org/view.php?id=CVE-2022-46771
IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.18, 7.0.5.0 through 7.0.5.13, 7.1.0.0 through 7.1.2.9, 7.2.0.0 through 7.2.3.2 and 7.3.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 242273. IBM UrbanCode Deploy (UCD) 6.2.0.0 a 6.2.7.18, 7.0.5.0 a 7.0.5.13, 7.1.0.0 a 7.1.2.9, 7.2.0.0 a 7.2.3.2 y 7.3.0.0 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista, lo que podría conducir a la divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/242273 https://www.ibm.com/support/pages/node/6848897 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •