cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-45091,https://securityvulnerability.io/vulnerability/CVE-2024-45091,Sensitive Information Exposure in IBM UrbanCode Deploy,"IBM UrbanCode Deploy versions 7.0 through 7.0.5.24, 7.1 through 7.1.2.10, and 7.2 through 7.2.3.13 are subject to a vulnerability where potentially sensitive information is stored in HTTP request log files. This exposure allows local users with access to these log files to read confidential information, potentially leading to further security risks. It is essential for users of the affected versions to implement mitigations and monitor access to log files to protect sensitive data.",IBM,Urbancode Deploy,5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T00:41:45.398Z,0
CVE-2024-28781,https://securityvulnerability.io/vulnerability/CVE-2024-28781,IBM UrbanCode Deploy vulnerable to Cross-Site Scripting,"IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4, and 8.0 through 8.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.  IBM X-Force ID:  285654.",IBM,Urbancode Deploy,5.4,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-05-14T15:14:00.000Z,0
CVE-2024-22358,https://securityvulnerability.io/vulnerability/CVE-2024-22358,IBM UrbanCode Deploy Vulnerability: Impersonation of Another User After Logout,"IBM UrbanCode Deploy and IBM DevOps Deploy exhibit a vulnerability wherein sessions are not properly invalidated after user logout. This oversight allows an authenticated user to potentially impersonate another user, compromising the security and integrity of the system. Administrators should ensure appropriate session handling practices to mitigate this issue.",IBM,"Urbancode Deploy,Devops Deploy",8.8,HIGH,0.0004900000058114529,false,,false,false,false,,,false,false,,2024-04-12T16:53:43.381Z,0
CVE-2024-22339,https://securityvulnerability.io/vulnerability/CVE-2024-22339,IBM UrbanCode Deploy Vulnerable to Sensitive Information Disclosure,"IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy  8.0 through 8.0.0.1 is vulnerable to a sensitive information due to insufficient obfuscation of sensitive values from some log files.  IBM X-Force ID:  279979.",IBM,"Urbancode Deploy,Devops Deploy",4.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-04-12T16:51:39.984Z,0
CVE-2024-22334,https://securityvulnerability.io/vulnerability/CVE-2024-22334,Incomplete Revocation of Permissions Vulnerability Affects IBM UrbanCode Deploy and DevOps Deploy,"IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy  8.0 through 8.0.0.1 could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type. When deleting a custom security type, associated permissions of objects using that type may not be fully revoked. This could lead to incorrect reporting of permission configuration and unexpected privileges being retained.  IBM X-Force ID:  279974.",IBM,"Urbancode Deploy,Devops Deploy",4.4,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-04-12T16:41:15.797Z,0
CVE-2024-22359,https://securityvulnerability.io/vulnerability/CVE-2024-22359,IBM UrbanCode Deploy vulnerable to Cross-Site Scripting,"IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy  8.0 through 8.0.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.  IBM X-Force ID:  280897.",IBM,"Urbancode Deploy,Devops Deploy",6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-04-12T16:20:38.337Z,0
CVE-2024-22331,https://securityvulnerability.io/vulnerability/CVE-2024-22331,IBM UrbanCode Deploy Vulnerability Could Disclose Sensitive User Information,"IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.19, 7.1 through 7.1.2.15, 7.2 through 7.2.3.8, 7.3 through 7.3.2.3, and IBM UrbanCode Deploy (UCD) - IBM DevOps Deploy 8.0.0.0 could disclose sensitive user information when installing the Windows agent.  IBM X-Force ID:  279971.",IBM,"UrbanCode Deploy ,DevOps Deploy",5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-06T16:15:57.695Z,0
CVE-2023-42012,https://securityvulnerability.io/vulnerability/CVE-2023-42012,IBM UrbanCode Deploy denial of service,"An IBM UrbanCode Deploy Agent 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 installed as a Windows service in a non-standard location could be subject to a denial of service attack by local accounts.  IBM X-Force ID:  265509.",IBM,UrbanCode Deploy,6.2,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2023-12-20T00:15:00.000Z,0
CVE-2023-47161,https://securityvulnerability.io/vulnerability/CVE-2023-47161,IBM UrbanCode Deploy denial of service,"IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 may mishandle input validation of an uploaded archive file leading to a denial of service due to resource exhaustion.  IBM X-Force ID:  270799.",IBM,Urbancode Deploy,5.3,MEDIUM,0.0006799999973736703,false,,false,false,false,,,false,false,,2023-12-20T00:15:00.000Z,0
CVE-2023-42013,https://securityvulnerability.io/vulnerability/CVE-2023-42013,IBM UrbanCode Deploy information disclosure,"IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.  This information could be used in further attacks against the system.  IBM X-Force ID:  265510.",IBM,UrbanCode Deploy,5.3,MEDIUM,0.000910000002477318,false,,false,false,false,,,false,false,,2023-12-20T00:15:00.000Z,0
CVE-2023-42015,https://securityvulnerability.io/vulnerability/CVE-2023-42015,IBM UrbanCode Deploy HTML injection,"IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.  IBM X-Force ID:  265512.",IBM,Urbancode Deploy,4.3,MEDIUM,0.0004799999878741801,false,,false,false,false,,,false,false,,2023-12-19T03:15:00.000Z,0
CVE-2023-40376,https://securityvulnerability.io/vulnerability/CVE-2023-40376,IBM UrbanCode Deploy (UCD) improper authentication controls,"IBM UrbanCode Deploy (UCD) 7.1 - 7.1.2.12, 7.2 through 7.2.3.5, and 7.3 through 7.3.2.0 under certain configurations could allow an authenticated user to make changes to environment variables due to improper authentication controls.  IBM X-Force ID:  263581.",IBM,Urbancode Deploy,5.3,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2023-10-04T14:15:00.000Z,0
CVE-2022-43877,https://securityvulnerability.io/vulnerability/CVE-2022-43877,IBM UrbanCode Deploy (UCD) information disclosure,IBM UrbanCode Deploy (UCD) versions up to 7.3.0.1 could disclose sensitive password information during a manual edit of the agentrelay.properties file.  IBM X-Force ID:  240148.,IBM,Urbancode Deploy,5.1,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2023-05-06T02:44:14.137Z,0
CVE-2022-46771,https://securityvulnerability.io/vulnerability/CVE-2022-46771,IBM UrbanCode Deploy (UCD) cross-site scripting,"
IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.18, 7.0.5.0 through 7.0.5.13, 7.1.0.0 through 7.1.2.9, 7.2.0.0 through 7.2.3.2 and 7.3.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 242273.

",IBM,UrbanCode Deploy (UCD),4.6,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2022-12-20T19:40:41.039Z,0
CVE-2022-40751,https://securityvulnerability.io/vulnerability/CVE-2022-40751,IBM UrbanCode Deploy information disclosure,"
IBM UrbanCode Deploy (UCD) 6.2.7.0 through 6.2.7.17, 7.0.0.0 through 7.0.5.12, 7.1.0.0 through 7.1.2.8, and 7.2.0.0 through 7.2.3.1 could allow a user with administrative privileges including ""Manage Security"" permissions may be able to recover a credential previously saved for performing authenticated LDAP searches.  IBM X-Force ID:  

236601.",IBM,Urbancode Deploy,4.9,MEDIUM,0.0005600000149570405,false,,false,false,false,,,false,false,,2022-11-17T16:36:14.175Z,0
CVE-2022-35716,https://securityvulnerability.io/vulnerability/CVE-2022-35716,Sensitive Information Disclosure in IBM UrbanCode Deploy,"IBM UrbanCode Deploy versions from 6.2.0.0 to 7.2.3.0 are affected by a vulnerability that may allow authenticated users to gain access to sensitive information due to inadequate security checks in place. This flaw poses a risk of data exposure within the system, potentially affecting user confidentiality. The identified issue highlights the need for stricter security measures to safeguard sensitive data against unauthorized access.",IBM,Urbancode Deploy,5.3,MEDIUM,0.0007999999797903001,false,,false,false,false,,,false,false,,2022-08-01T11:15:00.000Z,0
CVE-2022-22366,https://securityvulnerability.io/vulnerability/CVE-2022-22366,Credential Storage Vulnerability in IBM UrbanCode Deploy,"IBM UrbanCode Deploy suffers from a vulnerability where user credentials are stored in plain text. This flaw allows local users to easily access sensitive information, potentially leading to unauthorized actions and data breaches. Organizations using affected versions should take immediate steps to secure their systems and implement proper credentials management practices to mitigate risks.",IBM,Urbancode Deploy,4.9,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2022-06-30T00:00:00.000Z,0
CVE-2022-22367,https://securityvulnerability.io/vulnerability/CVE-2022-22367,Information Disclosure in IBM UrbanCode Deploy Affects Numerous Versions,"IBM UrbanCode Deploy versions 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 are vulnerable to an information disclosure issue that allows a local user to gain access to sensitive database information in plain text. This vulnerability highlights the importance of securing access controls to prevent unauthorized access to sensitive data. Mitigating this issue is crucial for maintaining the integrity and confidentiality of your systems.",IBM,Urbancode Deploy,4,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2022-06-30T00:00:00.000Z,0
CVE-2021-39082,https://securityvulnerability.io/vulnerability/CVE-2021-39082,Weak Cryptographic Algorithms in IBM UrbanCode Deploy Software,"IBM UrbanCode Deploy 7.1.1.2 implements cryptographic algorithms that are weaker than expected, potentially enabling attackers to decrypt sensitive information. This vulnerability poses significant risks as it may allow unauthorized access to confidential data, thereby compromising data integrity and security.",IBM,Urbancode Deploy,5.9,MEDIUM,0.0013000000035390258,false,,false,false,false,,,false,false,,2022-04-29T16:15:00.000Z,0
CVE-2022-22315,https://securityvulnerability.io/vulnerability/CVE-2022-22315,Privilege Escalation in IBM UrbanCode Deploy Affects User Permissions,"IBM UrbanCode Deploy version 7.2.2.1 is susceptible to a privilege escalation vulnerability due to improper management of user permissions. An authenticated user with specific roles could exploit this flaw to gain elevated privileges, potentially leading to unauthorized actions within the system. This situation raises significant security concerns, underscoring the importance of effective permission handling to mitigate such risks.",IBM,Urbancode Deploy,5,MEDIUM,0.0009200000204145908,false,,false,false,false,,,false,false,,2022-04-27T18:15:00.000Z,0
CVE-2022-22327,https://securityvulnerability.io/vulnerability/CVE-2022-22327,Cryptographic Vulnerability in IBM UrbanCode Deploy Software,"IBM UrbanCode Deploy versions 7.0.5, 7.1.0, 7.1.1, and 7.1.2 implement cryptographic algorithms that are weaker than expected. This flaw may enable attackers to decrypt sensitive information, posing a risk to data integrity and confidentiality. Organizations utilizing these versions should review their cryptographic configurations and consider updating to mitigate potential threats. For more information, visit IBM's official support page.",IBM,Urbancode Deploy,5.9,MEDIUM,0.0011099999537691474,false,,false,false,false,,,false,false,,2022-03-31T00:00:00.000Z,0
CVE-2021-29711,https://securityvulnerability.io/vulnerability/CVE-2021-29711,,"IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 6.2.7.8 , 6.2.7.9, 7.0.3.0, 7.0.4.0, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2 could allow an authenticated user with certain permissions to initiate an agent upgrade through the CLI interface. IBM X-Force ID: 200965.",IBM,Urbancode Deploy,4.9,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2021-07-08T16:15:00.000Z,0
CVE-2020-4944,https://securityvulnerability.io/vulnerability/CVE-2020-4944,,"IBM UrbanCode Deploy (UCD) 7.0.3.0, 7.0.4.0, 7.0.5.3, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2, stores keystore passwords in plain text after a manual edit, which can be read by a local user. IBM X-Force ID: 191944.",IBM,Urbancode Deploy,5.1,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2021-03-30T16:15:00.000Z,0
CVE-2020-4884,https://securityvulnerability.io/vulnerability/CVE-2020-4884,,"IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 190908.",IBM,Urbancode Deploy,6.2,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2021-03-30T16:15:00.000Z,0
CVE-2020-4848,https://securityvulnerability.io/vulnerability/CVE-2020-4848,,"IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 could allow an authenticated user to initiate a plugin or compare process resources that they should not have access to. IBM X-Force ID: 190293.",IBM,Urbancode Deploy,5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2021-03-30T16:15:00.000Z,0