Vulnerabilities > IBM > Urbancode Deploy
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-06 | CVE-2020-4483 | Information Exposure Through an Error Message vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 4.0 |
| 2020-11-06 | CVE-2020-4482 | Unspecified vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could allow an authenticated user to bypass security. | 4.0 |
| 2020-08-05 | CVE-2020-4481 | XML Entity Expansion vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 6.4 |
| 2020-05-11 | CVE-2019-4667 | Information Exposure vulnerability in IBM Urbancode Deploy 7.0.5.2 IBM UrbanCode Deploy (UCD) 7.0.5.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 4.3 |
| 2020-04-23 | CVE-2020-4202 | Improper Privilege Management vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy (UCD) 7.0.3.0 and 7.0.4.0 could allow an authenticated user to impersonate another user if the server is configured to enable Distributed Front End (DFE). | 6.0 |
| 2020-04-23 | CVE-2019-4668 | Insufficiently Protected Credentials vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy (UCD) 7.0.4.0 stores user credentials in plain in clear text which can be read by a local user. | 2.1 |
| 2020-04-16 | CVE-2020-4260 | Information Exposure vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy (UCD) 7.0.5 could allow a user with special permissions to obtain sensitive information via generic processes. | 4.0 |
| 2020-02-13 | CVE-2019-4666 | Unspecified vulnerability in IBM Urbancode Build and Urbancode Deploy IBM UrbanCode Deploy (UCD) 7.0.3 and IBM UrbanCode Build 6.1.5 could allow a local user to obtain sensitive information by unmasking certain secure values in documents. | 2.1 |
| 2018-08-30 | CVE-2016-0373 | Improper Authorization vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy 6.0 through 6.2.2.1 could allow an authenticated user to read sensitive information due to UCD REST endpoints not properly authorizing users when determining who can read data. | 4.0 |
| 2018-08-13 | CVE-2017-1749 | Path Traversal vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy 6.1 through 6.9.6.0 could allow a remote attacker to traverse directories on the system. | 5.0 |