Plain Text Password Vulnerability in IBM UrbanCode Deploy
CVE-2020-4944

5.1MEDIUM

Key Information:

Vendor: IBM
Status: Urbancode Deploy
Vendor: CVE Published:; 30 March 2021

Summary

IBM UrbanCode Deploy versions 7.0.3.0 through 7.1.1.2 have a vulnerability that allows local users to access keystore passwords that are stored in plain text following a manual edit. This exposure of sensitive information could potentially lead to unauthorized access to critical systems and data.

Affected Version(s)

UrbanCode Deploy 7.0.3.0

UrbanCode Deploy 7.0.4.0

UrbanCode Deploy 7.1.0.0

References

https://www.ibm.com/support/pages/node/6437567

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/191944

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.1

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 30, 2021
Vulnerability Reserved
Dec 30, 2019