Privilege Escalation in IBM UrbanCode Deploy Affects User Permissions
CVE-2022-22315

5MEDIUM

Key Information:

Vendor
IBM
Status
Urbancode Deploy
Vendor
CVE Published:
27 April 2022

Summary

IBM UrbanCode Deploy version 7.2.2.1 is susceptible to a privilege escalation vulnerability due to improper management of user permissions. An authenticated user with specific roles could exploit this flaw to gain elevated privileges, potentially leading to unauthorized actions within the system. This situation raises significant security concerns, underscoring the importance of effective permission handling to mitigate such risks.

Affected Version(s)

UrbanCode Deploy 6.2.7.0

UrbanCode Deploy 7.0.3.0

UrbanCode Deploy 7.0.4.0

References

https://www.ibm.com/support/pages/node/6575143
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/217955
vdb-entryx_refsource_XF

CVSS V3.1

Score:
5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.