This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Ibm First view 2021-03-30
Product Urbancode Deploy Last view 2022-11-17
Version 7.0.5.3 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:ibm:urbancode_deploy

Activity : Overall

Related : CVE

  Date Alert Description
4.9 2022-11-17 CVE-2022-40751

IBM UrbanCode Deploy (UCD) 6.2.7.0 through 6.2.7.17, 7.0.0.0 through 7.0.5.12, 7.1.0.0 through 7.1.2.8, and 7.2.0.0 through 7.2.3.1 could allow a user with administrative privileges including "Manage Security" permissions may be able to recover a credential previously saved for performing authenticated LDAP searches. IBM X-Force ID: 236601.

6.5 2022-08-01 CVE-2022-35716

IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.16, 7.0.0.0 through 7.0.5.11, 7.1.0.0 through 7.1.2.7, and 7.2.0.0 through 7.2.3.0 could allow an authenticated user to obtain sensitive information in some instances due to improper security checking. IBM X-Force ID: 231360.

8.8 2022-04-27 CVE-2022-22315

IBM UrbanCode Deploy (UCD) 7.2.2.1 could allow an authenticated user with special permissions to obtain elevated privileges due to improper handling of permissions. IBM X-Force ID: 217955.

7.5 2022-04-01 CVE-2022-22327

IBM UrbanCode Deploy (UCD) 7.0.5, 7.1.0, 7.1.1, and 7.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 218859.

5.5 2021-03-30 CVE-2020-4944

IBM UrbanCode Deploy (UCD) 7.0.3.0, 7.0.4.0, 7.0.5.3, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2, stores keystore passwords in plain text after a manual edit, which can be read by a local user. IBM X-Force ID: 191944.

CWE : Common Weakness Enumeration

%idName
20% (1) CWE-668 Exposure of Resource to Wrong Sphere
20% (1) CWE-522 Insufficiently Protected Credentials
20% (1) CWE-327 Use of a Broken or Risky Cryptographic Algorithm
20% (1) CWE-312 Cleartext Storage of Sensitive Information
20% (1) CWE-269 Improper Privilege Management