Vulnerability Details CVE-2015-4964
IBM UrbanCode Deploy 6.0 and 6.0.1.x before 6.0.1.10, 6.1.1.x before 6.1.1.8, and 6.1.2 writes admin AUTH_TOKEN values to execution logs, which allows remote authenticated users to gain privileges by leveraging the ability to create and execute a process.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.018
EPSS Ranking 82.1%
CVSS Severity
CVSS v2 Score 6.0
References
Products affected by CVE-2015-4964
-
cpe:2.3:a:ibm:urbancode_deploy:6.0
-
cpe:2.3:a:ibm:urbancode_deploy:6.0.1.0
-
cpe:2.3:a:ibm:urbancode_deploy:6.0.1.1
-
cpe:2.3:a:ibm:urbancode_deploy:6.0.1.2
-
cpe:2.3:a:ibm:urbancode_deploy:6.0.1.3
-
cpe:2.3:a:ibm:urbancode_deploy:6.0.1.4
-
cpe:2.3:a:ibm:urbancode_deploy:6.0.1.5
-
cpe:2.3:a:ibm:urbancode_deploy:6.0.1.6
-
cpe:2.3:a:ibm:urbancode_deploy:6.0.1.7
-
cpe:2.3:a:ibm:urbancode_deploy:6.0.1.8
-
cpe:2.3:a:ibm:urbancode_deploy:6.0.1.9
-
cpe:2.3:a:ibm:urbancode_deploy:6.1.1.0
-
cpe:2.3:a:ibm:urbancode_deploy:6.1.1.1
-
cpe:2.3:a:ibm:urbancode_deploy:6.1.1.2
-
cpe:2.3:a:ibm:urbancode_deploy:6.1.1.3
-
cpe:2.3:a:ibm:urbancode_deploy:6.1.1.4
-
cpe:2.3:a:ibm:urbancode_deploy:6.1.1.5
-
cpe:2.3:a:ibm:urbancode_deploy:6.1.1.6
-
cpe:2.3:a:ibm:urbancode_deploy:6.1.1.7
-
cpe:2.3:a:ibm:urbancode_deploy:6.1.2