ibm UrbanCode Deploy v7.1.1.1 - 5 CVEs

CVE-2021-39082

IBM UrbanCode Deploy (UCD) 7.1.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

MEDIUM CVSS 5.9 Published Apr 29, 2022

IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 6.2.7.8 , 6.2.7.9, 7.0.3.0, 7.0.4.0, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2 could allow an authenticated user with certain permissions to initiate an agent upgrade through the CLI interface. IBM X-Force ID: 200965.

MEDIUM CVSS 4.9 Published Jul 08, 2021

CVE-2020-4944

IBM UrbanCode Deploy (UCD) 7.0.3.0, 7.0.4.0, 7.0.5.3, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2, stores keystore passwords in plain text after a manual edit, which can be read by a local user. IBM X-Force ID: 191944.

MEDIUM CVSS 5.1 Published Mar 30, 2021

CVE-2020-4884

IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 190908.

MEDIUM CVSS 6.2 Published Mar 30, 2021

CVE-2020-4848

IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 could allow an authenticated user to initiate a plugin or compare process resources that they should not have access to. IBM X-Force ID: 190293.

MEDIUM CVSS 5.4 Published Mar 30, 2021

Version 7.1.1.1

Known Vulnerabilities

CVE-2021-39082

CVE-2021-29711

CVE-2020-4944

CVE-2020-4884

CVE-2020-4848