IBM UrbanCode Deploy information disclosure
CVE-2022-40751

4.9MEDIUM

Key Information:

Vendor: IBM
Status: Urbancode Deploy
Vendor: CVE Published:; 17 November 2022

Summary

IBM UrbanCode Deploy (UCD) 6.2.7.0 through 6.2.7.17, 7.0.0.0 through 7.0.5.12, 7.1.0.0 through 7.1.2.8, and 7.2.0.0 through 7.2.3.1 could allow a user with administrative privileges including "Manage Security" permissions may be able to recover a credential previously saved for performing authenticated LDAP searches. IBM X-Force ID:

Affected Version(s)

UrbanCode Deploy 6.2.7.0 < 6.2.7.17

UrbanCode Deploy 7.0.0.0 < 7.0.5.12

UrbanCode Deploy 7.1.0.0 < 7.1.2.8

References

https://www.ibm.com/support/pages/node/6831907

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/236601

vdb-entry

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 17, 2022
Vulnerability Reserved
Sep 16, 2022