Skip to main content

Urbancode Deploy CVE-2022-22366

MEDIUM
Cleartext Storage of Sensitive Information (CWE-312)
2022-07-01 psirt@us.ibm.com
4.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.4 MEDIUM
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Jul 01, 2022 - 18:15 nvd
MEDIUM 4.4

DescriptionNVD

IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 22106.

AnalysisAI

IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 stores user credentials in plain clear text which can be read by a local user. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-312. IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 22106. Affected products include: Ibm Urbancode Deploy.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2016-8938 CRITICAL
10.0 Feb 01

IBM UrbanCode Deploy could allow a user to execute code using a specially crafted file upload that would replace code on

CVE-2014-8900 HIGH
8.8 Aug 28

Cross-site request forgery (CSRF) vulnerability in IBM UrbanCode Release 6.0.1.6 and earlier, 6.1.0.7 and earlier, and 6

CVE-2024-22358 HIGH
8.8 Apr 12

IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM

CVE-2022-22315 HIGH
8.8 Apr 27

IBM UrbanCode Deploy (UCD) 7.2.2.1 could allow an authenticated user with special permissions to obtain elevated privile

CVE-2020-4202 HIGH
8.8 Apr 23

IBM UrbanCode Deploy (UCD) 7.0.3.0 and 7.0.4.0 could allow an authenticated user to impersonate another user if the serv

CVE-2016-0271 HIGH
8.2 Jul 08

The agents in IBM UrbanCode Deploy 6.x before 6.0.1.14, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 do not verify a s

CVE-2020-4481 HIGH
8.2 Aug 05

IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 is vulnerable to an XML External Entity Injection (XXE

CVE-2017-1149 HIGH
8.1 Apr 25

IBM UrbanCode Deploy (UCD) 6.0, 6.1, and 6.2 is vulnerable to a denial of service, caused by an XML External Entity Inje

CVE-2016-0267 HIGH
7.7 Jun 29

IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 allows remote authenticated u

CVE-2016-6068 HIGH
7.5 Feb 01

IBM UrbanCode Deploy could allow an authenticated user with access to the REST endpoints to access API and CLI getResour

CVE-2016-9008 HIGH
7.5 Feb 01

IBM UrbanCode Deploy could allow a malicious user to access the Agent Relay ActiveMQ Broker JMX interface and run plugin

CVE-2016-2942 HIGH
7.5 Feb 01

IBM UrbanCode Deploy could allow an authenticated attacker with special permissions to craft a script on the server in a

Share

CVE-2022-22366 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy