Vulnerabilities > IBM > Urbancode Deploy > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-30 | CVE-2020-4848 | Unspecified vulnerability in IBM Urbancode Deploy 6.2.7.9/7.0.5.4/7.1.1.1 IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 could allow an authenticated user to initiate a plugin or compare process resources that they should not have access to. | 5.4 |
| 2020-11-06 | CVE-2020-4484 | Unspecified vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could disclose sensitive information to an authenticated user that could be used in further attacks against the system. | 4.3 |
| 2020-11-06 | CVE-2020-4483 | Information Exposure Through an Error Message vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 4.3 |
| 2020-11-06 | CVE-2020-4482 | Unspecified vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could allow an authenticated user to bypass security. | 6.5 |
| 2020-05-11 | CVE-2019-4667 | Cleartext Transmission of Sensitive Information vulnerability in IBM Urbancode Deploy 7.0.5.2 IBM UrbanCode Deploy (UCD) 7.0.5.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |
| 2020-04-23 | CVE-2019-4668 | Insufficiently Protected Credentials vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy (UCD) 7.0.4.0 stores user credentials in plain in clear text which can be read by a local user. | 5.5 |
| 2020-04-16 | CVE-2020-4260 | Unspecified vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy (UCD) 7.0.5 could allow a user with special permissions to obtain sensitive information via generic processes. | 4.3 |
| 2018-08-30 | CVE-2016-0373 | Improper Authorization vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy 6.0 through 6.2.2.1 could allow an authenticated user to read sensitive information due to UCD REST endpoints not properly authorizing users when determining who can read data. | 4.3 |
| 2018-08-13 | CVE-2017-1749 | Path Traversal vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy 6.1 through 6.9.6.0 could allow a remote attacker to traverse directories on the system. | 5.3 |
| 2018-08-13 | CVE-2017-1286 | Information Exposure vulnerability in IBM Urbancode Deploy Sensitive information about the configuration of the IBM UrbanCode Deploy 6.1 through 6.9.6.0 server and database can be obtained by a user who has been given elevated permissions in the UI, even after those elevated permissions have been revoked. | 6.5 |