IBM UrbanCode Deploy (UCD) information disclosure
CVE-2022-43877

5.1MEDIUM

Key Information:

Vendor: IBM
Status: Urbancode Deploy
Vendor: CVE Published:; 6 May 2023

Summary

IBM UrbanCode Deploy (UCD) versions up to 7.3.0.1 could disclose sensitive password information during a manual edit of the agentrelay.properties file. IBM X-Force ID: 240148.

Affected Version(s)

UrbanCode Deploy 6.2 <= 6.2.7.19

UrbanCode Deploy 7.0 <= 7.0.5.14

UrbanCode Deploy 7.1 <= 7.1.2.10

References

https://www.ibm.com/support/pages/node/6967351

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/240148

vdb-entry

CVSS V3.1

Score:

5.1

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 6, 2023
Vulnerability Reserved
Oct 26, 2022