Vulnerabilities > IBM > Urbancode Deploy

DATE CVE VULNERABILITY TITLE RISK
2024-02-06 CVE-2024-22331 Information Exposure vulnerability in IBM Urbancode Deploy
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.19, 7.1 through 7.1.2.15, 7.2 through 7.2.3.8, 7.3 through 7.3.2.3, and IBM UrbanCode Deploy (UCD) - IBM DevOps Deploy 8.0.0.0 could disclose sensitive user information when installing the Windows agent.
local
low complexity
ibm CWE-200
5.5
2023-12-20 CVE-2023-42012 Unspecified vulnerability in IBM Urbancode Deploy
An IBM UrbanCode Deploy Agent 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 installed as a Windows service in a non-standard location could be subject to a denial of service attack by local accounts.
local
low complexity
ibm
5.5
2023-12-20 CVE-2023-42013 Information Exposure Through an Error Message vulnerability in IBM Urbancode Deploy
IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
network
low complexity
ibm CWE-209
5.3
2023-12-20 CVE-2023-47161 Improper Input Validation vulnerability in IBM Urbancode Deploy
IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 may mishandle input validation of an uploaded archive file leading to a denial of service due to resource exhaustion.
network
low complexity
ibm CWE-20
6.5
2023-12-19 CVE-2023-42015 Cross-site Scripting vulnerability in IBM Urbancode Deploy
IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 is vulnerable to HTML injection.
network
low complexity
ibm CWE-79
4.3
2023-10-04 CVE-2023-40376 Improper Authentication vulnerability in IBM Urbancode Deploy
IBM UrbanCode Deploy (UCD) 7.1 - 7.1.2.12, 7.2 through 7.2.3.5, and 7.3 through 7.3.2.0 under certain configurations could allow an authenticated user to make changes to environment variables due to improper authentication controls.
network
low complexity
ibm CWE-287
6.5
2023-05-06 CVE-2022-43877 Insecure Storage of Sensitive Information vulnerability in IBM Urbancode Deploy
IBM UrbanCode Deploy (UCD) versions up to 7.3.0.1 could disclose sensitive password information during a manual edit of the agentrelay.properties file.
local
low complexity
ibm CWE-922
5.5
2022-12-20 CVE-2022-46771 Cross-site Scripting vulnerability in IBM Urbancode Deploy
IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.18, 7.0.5.0 through 7.0.5.13, 7.1.0.0 through 7.1.2.9, 7.2.0.0 through 7.2.3.2 and 7.3.0.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
4.6
2022-11-17 CVE-2022-40751 Insufficiently Protected Credentials vulnerability in IBM Urbancode Deploy
IBM UrbanCode Deploy (UCD) 6.2.7.0 through 6.2.7.17, 7.0.0.0 through 7.0.5.12, 7.1.0.0 through 7.1.2.8, and 7.2.0.0 through 7.2.3.1 could allow a user with administrative privileges including "Manage Security" permissions may be able to recover a credential previously saved for performing authenticated LDAP searches.  IBM X-Force ID:   236601.
network
low complexity
ibm CWE-522
4.9
2022-08-01 CVE-2022-35716 Incorrect Authorization vulnerability in IBM Urbancode Deploy
IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.16, 7.0.0.0 through 7.0.5.11, 7.1.0.0 through 7.1.2.7, and 7.2.0.0 through 7.2.3.0 could allow an authenticated user to obtain sensitive information in some instances due to improper security checking.
network
low complexity
ibm CWE-863
6.5