Improper Permissions in IBM UrbanCode Deploy
CVE-2021-29711
4.9MEDIUM
Summary
IBM UrbanCode Deploy versions 6.2.7.3, 6.2.7.4, 6.2.7.8, 6.2.7.9, 7.0.3.0, 7.0.4.0, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2 may allow authenticated users with particular permissions to initiate an agent upgrade via the command-line interface (CLI). This poses a risk as it can potentially lead to unauthorized modifications and disruptions within the deployment process.
Affected Version(s)
UrbanCode Deploy 6.2.7.3
UrbanCode Deploy 7.0.3.0
UrbanCode Deploy 7.0.4.0
References
CVSS V3.1
Score:
4.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved