IBM UrbanCode Deploy (UCD) improper authentication controls
CVE-2023-40376

5.3MEDIUM

Key Information:

Vendor: IBM
Status: Urbancode Deploy
Vendor: CVE Published:; 4 October 2023

What is CVE-2023-40376?

IBM UrbanCode Deploy (UCD) 7.1 - 7.1.2.12, 7.2 through 7.2.3.5, and 7.3 through 7.3.2.0 under certain configurations could allow an authenticated user to make changes to environment variables due to improper authentication controls. IBM X-Force ID: 263581.

Affected Version(s)

UrbanCode Deploy 7.1 <= 7.1.2.12

UrbanCode Deploy 7.2 <= 7.2.3.5

UrbanCode Deploy 7.3 <= 7.3.2.0

References

https://www.ibm.com/support/pages/node/7037230

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/263581

vdb-entry

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 4, 2023
Vulnerability Reserved
Aug 14, 2023