Vulnerabilities > IBM > Urbancode Deploy > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-04 | CVE-2023-40376 | Improper Authentication vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy (UCD) 7.1 - 7.1.2.12, 7.2 through 7.2.3.5, and 7.3 through 7.3.2.0 under certain configurations could allow an authenticated user to make changes to environment variables due to improper authentication controls. | 6.5 |
| 2023-05-06 | CVE-2022-43877 | Insecure Storage of Sensitive Information vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy (UCD) versions up to 7.3.0.1 could disclose sensitive password information during a manual edit of the agentrelay.properties file. | 5.1 |
| 2022-12-20 | CVE-2022-46771 | Cross-site Scripting vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.18, 7.0.5.0 through 7.0.5.13, 7.1.0.0 through 7.1.2.9, 7.2.0.0 through 7.2.3.2 and 7.3.0.0 is vulnerable to cross-site scripting. | 4.6 |
| 2022-11-17 | CVE-2022-40751 | Insufficiently Protected Credentials vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy (UCD) 6.2.7.0 through 6.2.7.17, 7.0.0.0 through 7.0.5.12, 7.1.0.0 through 7.1.2.8, and 7.2.0.0 through 7.2.3.1 could allow a user with administrative privileges including "Manage Security" permissions may be able to recover a credential previously saved for performing authenticated LDAP searches. IBM X-Force ID: 236601. | 4.9 |
| 2022-08-01 | CVE-2022-35716 | Incorrect Authorization vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.16, 7.0.0.0 through 7.0.5.11, 7.1.0.0 through 7.1.2.7, and 7.2.0.0 through 7.2.3.0 could allow an authenticated user to obtain sensitive information in some instances due to improper security checking. | 6.5 |
| 2022-07-01 | CVE-2022-22366 | Cleartext Storage of Sensitive Information vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 stores user credentials in plain clear text which can be read by a local user. | 4.4 |
| 2022-07-01 | CVE-2022-22367 | Cleartext Storage of Sensitive Information vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 could disclose sensitive database information to a local user in plain text. | 5.5 |
| 2021-07-08 | CVE-2021-29711 | Unspecified vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 6.2.7.8 , 6.2.7.9, 7.0.3.0, 7.0.4.0, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2 could allow an authenticated user with certain permissions to initiate an agent upgrade through the CLI interface. | 4.3 |
| 2021-03-30 | CVE-2020-4944 | Cleartext Storage of Sensitive Information vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy (UCD) 7.0.3.0, 7.0.4.0, 7.0.5.3, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2, stores keystore passwords in plain text after a manual edit, which can be read by a local user. | 5.5 |
| 2021-03-30 | CVE-2020-4884 | Cleartext Storage of Sensitive Information vulnerability in IBM Urbancode Deploy 6.2.7.9/7.0.5.4/7.1.1.1 IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 stores user credentials in plain in clear text which can be read by a local user. | 5.5 |