Information Disclosure in IBM UrbanCode Deploy and Build Products
CVE-2019-4666

2.3LOW

Key Information:

Vendor

IBM
Status
Urbancode Deploy
Urbancode Build
Vendor
CVE Published:
13 February 2020

What is CVE-2019-4666?

IBM UrbanCode Deploy and IBM UrbanCode Build may expose sensitive information due to improper permission configurations, allowing local users to unmask secure values in certain documents. This vulnerability can lead to unintended access to confidential information, compromising the security of applications managed by these tools.

Affected Version(s)

UrbanCode Build 6.1.5

UrbanCode Deploy 7.0.3

References

https://www.ibm.com/support/pages/node/1138576
x_refsource_CONFIRM
https://www.ibm.com/support/pages/node/2325141
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/171248
vdb-entryx_refsource_XF

CVSS V3.1

Score:
2.3
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.