IBM UCD 7.1-7.3 Improper Auth Enables Env Var Alteration
CVE-2023-40376 Published on October 4, 2023
IBM UrbanCode Deploy (UCD) improper authentication controls
IBM UrbanCode Deploy (UCD) 7.1 - 7.1.2.12, 7.2 through 7.2.3.5, and 7.3 through 7.3.2.0 under certain configurations could allow an authenticated user to make changes to environment variables due to improper authentication controls. IBM X-Force ID: 263581.
Vulnerability Analysis
CVE-2023-40376 is exploitable with network access, and requires small amount of user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.
Weakness Type
What is an AuthZ Vulnerability?
The software does not perform an authorization check when an actor attempts to access a resource or perform an action.
CVE-2023-40376 has been classified to as an AuthZ vulnerability or weakness.
Products Associated with CVE-2023-40376
Want to know whenever a new CVE is published for IBM Urbancode Deploy? stack.watch will email you.
Affected Versions
IBM UrbanCode Deploy:- Version 7.1, <= 7.1.2.12 is affected.
- Version 7.2, <= 7.2.3.5 is affected.
- Version 7.3, <= 7.3.2.0 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.