IBM UrbanCode Deploy 6.0 through 6.2.2.1 could allow an authenticated user to read sensitive information due to UCD REST endpoints not properly authorizing users when determining who can read data. IBM X-Force ID: 112119.
Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|
NETWORK | LOW | SINGLE_INSTANCE | PARTIAL | NONE | NONE |
Ibm Urbancode deploy 6.1.3.5 (not an official CPE)
Ibm Urbancode deploy 6.1.3.4 (not an official CPE)
Ibm Urbancode deploy 6.1.3.3 (not an official CPE)
Ibm Urbancode deploy 6.1.3.2 (not an official CPE)
Ibm Urbancode deploy 6.1.3.1 (not an official CPE)
Ibm Urbancode deploy 6.1.3 (not an official CPE)
IBM UrbanCode Deploy 6.1.2
Ibm Urbancode deploy 6.1.1.8 (not an official CPE)
IBM UrbanCode Deploy 6.1.1.7
IBM UrbanCode Deploy 6.1.1.6
IBM UrbanCode Deploy 6.1.1.5
IBM UrbanCode Deploy 6.1.1.4
IBM UrbanCode Deploy 6.1.1.3
IBM UrbanCode Deploy 6.1.1.2
IBM UrbanCode Deploy 6.1.1.1
IBM UrbanCode Deploy 6.1.1.0
Ibm Urbancode deploy 6.1.1 (not an official CPE)
Ibm Urbancode deploy 6.1.0.4 (not an official CPE)
Ibm Urbancode deploy 6.1.0.3 (not an official CPE)
Ibm Urbancode deploy 6.1.0.2 (not an official CPE)
Ibm Urbancode deploy 6.1.0.1 (not an official CPE)
Ibm Urbancode deploy 6.1 (not an official CPE)
Ibm Urbancode deploy 6.0.1.13 (not an official CPE)
Ibm Urbancode deploy 6.0.1.12 (not an official CPE)
Ibm Urbancode deploy 6.0.1.11 (not an official CPE)
Ibm Urbancode deploy 6.0.1.10 (not an official CPE)
IBM UrbanCode Deploy 6.0.1.9
IBM UrbanCode Deploy 6.0.1.8
IBM UrbanCode Deploy 6.0.1.7
IBM UrbanCode Deploy 6.0.1.6
IBM UrbanCode Deploy 6.0.1.5
IBM UrbanCode Deploy 6.0.1.4
IBM UrbanCode Deploy 6.0.1.3
IBM UrbanCode Deploy 6.0.1.2
IBM UrbanCode Deploy 6.0.1.1
IBM UrbanCode Deploy 6.0.1.0
IBM UrbanCode Deploy 6.0
Ibm Urbancode deploy 6.1.3.6 (not an official CPE)
Ibm Urbancode deploy 6.1.3.7 (not an official CPE)
Ibm Urbancode deploy 6.1.3.8 (not an official CPE)
Ibm Urbancode deploy 6.2 (not an official CPE)
Ibm Urbancode deploy 6.2.0.0 (not an official CPE)
Ibm Urbancode deploy 6.2.0.1 (not an official CPE)
Ibm Urbancode deploy 6.2.0.2 (not an official CPE)
Ibm Urbancode deploy 6.2.0.201 (not an official CPE)
Ibm Urbancode deploy 6.2.1 (not an official CPE)
Ibm Urbancode deploy 6.2.1.0 (not an official CPE)
Ibm Urbancode deploy 6.2.1.1 (not an official CPE)
Ibm Urbancode deploy 6.2.1.2 (not an official CPE)
Ibm Urbancode deploy 6.2.2 (not an official CPE)
Ibm Urbancode deploy 6.2.2.0 (not an official CPE)
Ibm Urbancode deploy 6.2.2.1 (not an official CPE)
Advisory | Patch | Confirmed | Link |
---|---|---|---|
ibm-ucd-cve20160373-info-disc(112119) | | | |
http://www-01.ibm.com/support/docview.wss?uid=swg2C10002... | | | |
Improper Authorization (ID 285)
Related CAPEC 13
Accessing Functionality Not Properly Constrained by ACLs (CAPEC-ID 1)
Cross Zone Scripting (CAPEC-ID 104)
Directory Indexing (CAPEC-ID 127)
Subverting Environment Variable Values (CAPEC-ID 13)
Accessing, Modifying or Executing Executable Files (CAPEC-ID 17)
Manipulating Opaque Client-based Data Tokens (CAPEC-ID 39)
Buffer Overflow via Symbolic Links (CAPEC-ID 45)
Poison Web Service Registry (CAPEC-ID 51)
Session Credential Falsification through Prediction (CAPEC-ID 59)
Reusing Session IDs (aka Session Replay) (CAPEC-ID 60)
Manipulating Input to File System Calls (CAPEC-ID 76)
Manipulating User-Controlled Variables (CAPEC-ID 77)
Forceful Browsing (CAPEC-ID 87)