Urbancode Deploy IBM Urbancode Deploy

Do you want an email whenever new security vulnerabilities are reported in IBM Urbancode Deploy?

By the Year

In 2022 there have been 6 vulnerabilities in IBM Urbancode Deploy with an average score of 6.7 out of ten. Last year Urbancode Deploy had 4 security vulnerabilities published. That is, 2 more vulnerabilities have already been reported in 2022 as compared to last year. However, the average CVE base score of the vulnerabilities in 2022 is greater by 1.53.

Year Vulnerabilities Average Score
2022 6 6.70
2021 4 5.18
2020 8 5.24
2019 0 0.00
2018 0 0.00

It may take a day or so for new Urbancode Deploy vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent IBM Urbancode Deploy Security Vulnerabilities

IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.16, 7.0.0.0 through 7.0.5.11, 7.1.0.0 through 7.1.2.7, and 7.2.0.0 through 7.2.3.0 could

CVE-2022-35716 6.5 - Medium - August 01, 2022

IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.16, 7.0.0.0 through 7.0.5.11, 7.1.0.0 through 7.1.2.7, and 7.2.0.0 through 7.2.3.0 could allow an authenticated user to obtain sensitive information in some instances due to improper security checking. IBM X-Force ID: 231360.

Exposure of Resource to Wrong Sphere

IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 stores user credentials in plain clear text

CVE-2022-22366 4.4 - Medium - July 01, 2022

IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 22106.

Cleartext Storage of Sensitive Information

IBM UrbanCode Deploy (UCD) 6.2.7.15

CVE-2022-22367 5.5 - Medium - July 01, 2022

IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 could disclose sensitive database information to a local user in plain text. IBM X-Force ID: 221008.

Cleartext Storage of Sensitive Information

IBM UrbanCode Deploy (UCD) 7.1.1.2 uses weaker than expected cryptographic algorithms

CVE-2021-39082 7.5 - High - April 29, 2022

IBM UrbanCode Deploy (UCD) 7.1.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Use of a Broken or Risky Cryptographic Algorithm

IBM UrbanCode Deploy (UCD) 7.2.2.1 could

CVE-2022-22315 8.8 - High - April 27, 2022

IBM UrbanCode Deploy (UCD) 7.2.2.1 could allow an authenticated user with special permissions to obtain elevated privileges due to improper handling of permissions. IBM X-Force ID: 217955.

Improper Privilege Management

IBM UrbanCode Deploy (UCD) 7.0.5, 7.1.0, 7.1.1, and 7.1.2 uses weaker than expected cryptographic algorithms

CVE-2022-22327 7.5 - High - April 01, 2022

IBM UrbanCode Deploy (UCD) 7.0.5, 7.1.0, 7.1.1, and 7.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 218859.

Use of a Broken or Risky Cryptographic Algorithm

IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 6.2.7.8 , 6.2.7.9, 7.0.3.0, 7.0.4.0, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2 could

CVE-2021-29711 4.3 - Medium - July 08, 2021

IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 6.2.7.8 , 6.2.7.9, 7.0.3.0, 7.0.4.0, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2 could allow an authenticated user with certain permissions to initiate an agent upgrade through the CLI interface. IBM X-Force ID: 200965.

IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 stores user credentials in plain in clear text which can be read by a local user

CVE-2020-4884 5.5 - Medium - March 30, 2021

IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 190908.

Cleartext Storage of Sensitive Information

IBM UrbanCode Deploy (UCD) 7.0.3.0, 7.0.4.0, 7.0.5.3, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2, stores keystore passwords in plain text after a manual edit

CVE-2020-4944 5.5 - Medium - March 30, 2021

IBM UrbanCode Deploy (UCD) 7.0.3.0, 7.0.4.0, 7.0.5.3, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2, stores keystore passwords in plain text after a manual edit, which can be read by a local user. IBM X-Force ID: 191944.

Cleartext Storage of Sensitive Information

IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 could allow an authenticated user to initiate a plugin or compare process resources

CVE-2020-4848 5.4 - Medium - March 30, 2021

IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 could allow an authenticated user to initiate a plugin or compare process resources that they should not have access to. IBM X-Force ID: 190293.

IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could disclose sensitive information to an authenticated user

CVE-2020-4484 4.3 - Medium - November 06, 2020

IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could disclose sensitive information to an authenticated user that could be used in further attacks against the system. IBM X-Force ID: 181858.

Information Disclosure

IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could

CVE-2020-4483 4.3 - Medium - November 06, 2020

IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181857.

Generation of Error Message Containing Sensitive Information

IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could allow an authenticated user to bypass security

CVE-2020-4482 6.5 - Medium - November 06, 2020

IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could allow an authenticated user to bypass security. A user with access to a snapshot could apply unauthorized additional statuses via direct rest calls. IBM X-Force ID: 181856.

IBM UrbanCode Deploy (UCD) 7.0.5.2 could

CVE-2019-4667 5.9 - Medium - May 11, 2020

IBM UrbanCode Deploy (UCD) 7.0.5.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 171249.

Information Disclosure

IBM UrbanCode Deploy (UCD) 7.0.3.0 and 7.0.4.0 could

CVE-2020-4202 8.8 - High - April 23, 2020

IBM UrbanCode Deploy (UCD) 7.0.3.0 and 7.0.4.0 could allow an authenticated user to impersonate another user if the server is configured to enable Distributed Front End (DFE). IBM X-Force ID: 174955.

Improper Privilege Management

IBM UrbanCode Deploy (UCD) 7.0.4.0 stores user credentials in plain in clear text which can be read by a local user

CVE-2019-4668 5.5 - Medium - April 23, 2020

IBM UrbanCode Deploy (UCD) 7.0.4.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 171250.

Insufficiently Protected Credentials

IBM UrbanCode Deploy (UCD) 7.0.5 could allow a user with special permissions to obtain sensitive information via generic processes

CVE-2020-4260 4.3 - Medium - April 16, 2020

IBM UrbanCode Deploy (UCD) 7.0.5 could allow a user with special permissions to obtain sensitive information via generic processes. IBM X-Force ID: 175639.

Information Disclosure

IBM UrbanCode Deploy (UCD) 7.0.3 and IBM UrbanCode Build 6.1.5 could

CVE-2019-4666 2.3 - Low - February 13, 2020

IBM UrbanCode Deploy (UCD) 7.0.3 and IBM UrbanCode Build 6.1.5 could allow a local user to obtain sensitive information by unmasking certain secure values in documents. IBM X-Force ID: 171248.

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for IBM Urbancode Deploy or by IBM? Click the Watch button to subscribe.

IBM
Vendor

subscribe