CVE-2016-0320

MEDIUM

IBM UrbanCode Deploy - Privilege Escalation

Title source: llm

Description

IBM UrbanCode Deploy could allow an authenticated user to modify Ucd objects due to multiple REST endpoints not properly authorizing users editing UCD objects. This could affect the behavior of legitimately triggered processes.

References (2)

Scores

CVSS v3 4.3
EPSS 0.0013
EPSS Percentile 31.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Classification

CWE
CWE-284
Status published

Affected Products (50)

ibm/urbancode_deploy
ibm/urbancode_deploy
ibm/urbancode_deploy
ibm/urbancode_deploy
ibm/urbancode_deploy
ibm/urbancode_deploy
ibm/urbancode_deploy
ibm/urbancode_deploy
ibm/urbancode_deploy
ibm/urbancode_deploy
ibm/urbancode_deploy
ibm/urbancode_deploy
ibm/urbancode_deploy
ibm/urbancode_deploy
ibm/urbancode_deploy
... and 35 more

Timeline

Published Feb 01, 2017
Tracked Since Feb 18, 2026