Ibm: >> Urbancode Deploy >> 7.0.4.0 Security Vulnerabilities
IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could disclose sensitive information to an authenticated user that could be used in further attacks against the system. IBM X-Force ID: 181858.
CVSS Score
4.3
EPSS Score
0.001
Published
2020-11-06
IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181848.
CVSS Score
8.2
EPSS Score
0.004
Published
2020-08-05
IBM UrbanCode Deploy (UCD) 7.0.3.0 and 7.0.4.0 could allow an authenticated user to impersonate another user if the server is configured to enable Distributed Front End (DFE). IBM X-Force ID: 174955.
CVSS Score
5.0
EPSS Score
0.002
Published
2020-04-23
IBM UrbanCode Deploy (UCD) 7.0.5 could allow a user with special permissions to obtain sensitive information via generic processes. IBM X-Force ID: 175639.
CVSS Score
3.1
EPSS Score
0.001
Published
2020-04-16
Page 3