Privilege Escalation in IBM UrbanCode Deploy Affects User Permissions
CVE-2022-22315

5MEDIUM

Key Information:

Vendor: IBM
Status: Urbancode Deploy
Vendor: CVE Published:; 27 April 2022

What is CVE-2022-22315?

IBM UrbanCode Deploy version 7.2.2.1 is susceptible to a privilege escalation vulnerability due to improper management of user permissions. An authenticated user with specific roles could exploit this flaw to gain elevated privileges, potentially leading to unauthorized actions within the system. This situation raises significant security concerns, underscoring the importance of effective permission handling to mitigate such risks.

Affected Version(s)

UrbanCode Deploy 6.2.7.0

UrbanCode Deploy 7.0.3.0

UrbanCode Deploy 7.0.4.0

References

https://www.ibm.com/support/pages/node/6575143

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/217955

vdb-entryx_refsource_XF

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 27, 2022
Vulnerability Reserved
Jan 3, 2022