CVE-2022-46771

IBM UrbanCode Deploy (UCD) cross-site scripting

Severity Score

4.6

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.18, 7.0.5.0 through 7.0.5.13, 7.1.0.0 through 7.1.2.9, 7.2.0.0 through 7.2.3.2 and 7.3.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 242273.

IBM UrbanCode Deploy (UCD) 6.2.0.0 a 6.2.7.18, 7.0.5.0 a 7.0.5.13, 7.1.0.0 a 7.1.2.9, 7.2.0.0 a 7.2.3.2 y 7.3.0.0 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista, lo que podría conducir a la divulgación de credenciales dentro de una sesión confiable. ID de IBM X-Force: 242273.

*Credits: N/A

CVSS Scores

NISTv3.1 4.6

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-12-07 CVE Reserved
2022-12-20 CVE Published
2024-07-12 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CAPEC

References (2)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://www.ibm.com/support/pages/node/6848897	2023-11-07

URL	Date	SRC
https://exchange.xforce.ibmcloud.com/vulnerabilities/242273	2023-11-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Ibm Search vendor "Ibm"		Urbancode Deploy Search vendor "Ibm" for product "Urbancode Deploy"				>= 6.2.0.0 <= 6.2.7.18 Search vendor "Ibm" for product "Urbancode Deploy" and version " >= 6.2.0.0 <= 6.2.7.18"		-		Affected
Ibm Search vendor "Ibm"		Urbancode Deploy Search vendor "Ibm" for product "Urbancode Deploy"				>= 7.0.5.0 <= 7.0.5.13 Search vendor "Ibm" for product "Urbancode Deploy" and version " >= 7.0.5.0 <= 7.0.5.13"		-		Affected
Ibm Search vendor "Ibm"		Urbancode Deploy Search vendor "Ibm" for product "Urbancode Deploy"				>= 7.1.0.0 <= 7.1.2.9 Search vendor "Ibm" for product "Urbancode Deploy" and version " >= 7.1.0.0 <= 7.1.2.9"		-		Affected
Ibm Search vendor "Ibm"		Urbancode Deploy Search vendor "Ibm" for product "Urbancode Deploy"				>= 7.2.0.0 <= 7.2.3.2 Search vendor "Ibm" for product "Urbancode Deploy" and version " >= 7.2.0.0 <= 7.2.3.2"		-		Affected
Ibm Search vendor "Ibm"		Urbancode Deploy Search vendor "Ibm" for product "Urbancode Deploy"				7.3.0.0 Search vendor "Ibm" for product "Urbancode Deploy" and version "7.3.0.0"		-		Affected