Vulnerabilities > IBM > Urbancode Deploy > 7.2.3.5

DATE CVE VULNERABILITY TITLE RISK
2025-01-21 CVE-2024-45091 Information Exposure Through Log Files vulnerability in IBM Urbancode Deploy
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.24, 7.1 through 7.1.2.10, and 7.2 through 7.2.3.13 stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs.
local
low complexity
ibm CWE-532
5.5
5.5
2024-05-14 CVE-2024-28781 Unspecified vulnerability in IBM Urbancode Deploy
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4, and 8.0 through 8.0.0.1 is vulnerable to cross-site scripting.
network
low complexity
ibm
5.4
5.4
2024-04-12 CVE-2024-22334 Unspecified vulnerability in IBM Urbancode Deploy
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type.
network
high complexity
ibm
4.4
4.4
2024-04-12 CVE-2024-22339 Unspecified vulnerability in IBM Urbancode Deploy
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 is vulnerable to a sensitive information due to insufficient obfuscation of sensitive values from some log files.
network
low complexity
ibm
4.3
4.3
2024-04-12 CVE-2024-22358 Unspecified vulnerability in IBM Urbancode Deploy
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
network
low complexity
ibm
8.8
8.8
2024-04-12 CVE-2024-22359 Unspecified vulnerability in IBM Urbancode Deploy
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 are vulnerable to cross-site scripting.
network
low complexity
ibm
6.1
6.1