Authentication Bypass in IBM UrbanCode Deploy
CVE-2020-4848

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Urbancode Deploy
Vendor: CVE Published:; 30 March 2021

Summary

The vulnerability in IBM UrbanCode Deploy allows an authenticated user to initiate processes or access plugin resources beyond their permitted scope. This unauthorized access could lead to potential exploitation by malicious actors, thereby compromising the integrity and security of the deployment environment. Users of affected versions should apply the necessary remediation measures to safeguard their systems.

Affected Version(s)

UrbanCode Deploy 6.2.7.9

UrbanCode Deploy 7.0.5.4

UrbanCode Deploy 7.1.1.1

References

https://www.ibm.com/support/pages/node/6437573

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/190293

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 30, 2021
Vulnerability Reserved
Dec 30, 2019