Ibm: >> Urbancode Deploy >> 6.0.1.13 Security Vulnerabilities
IBM UrbanCode Deploy could allow an authenticated user with access to the REST endpoints to access API and CLI getResource secured role properties.
CVSS Score
7.5
EPSS Score
0.003
Published
2017-02-01
IBM UrbanCode Deploy could allow a user to execute code using a specially crafted file upload that would replace code on the server. This code could be executed on the UCD agent machines that host customer's production applications.
CVSS Score
10.0
EPSS Score
0.008
Published
2017-02-01
The agents in IBM UrbanCode Deploy 6.x before 6.0.1.14, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 do not verify a server's identity in a JMS session or an HTTP session, which allows local users to obtain root access to arbitrary agents via unspecified vectors.
CVSS Score
8.2
EPSS Score
0.0
Published
2016-07-08
Page 2