Description
IBM UrbanCode Deploy 6.0 through 6.2.2.1 could allow an authenticated user to read sensitive information due to UCD REST endpoints not properly authorizing users when determining who can read data. IBM X-Force ID: 112119.
References (2)
Core 2
Core References
Patch, Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg2C1000219
VDB Entry, Vendor Advisory vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/112119
Scores
CVSS v3
3.1
EPSS
0.0079
EPSS Percentile
51.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-285
Status
published
Products (1)
ibm/urbancode_deploy
6.0 - 6.2.2.1
Published
Aug 30, 2018
Tracked Since
Feb 18, 2026