CyberSec.Space Logo
Back to CVE Browser

CVE-2020-4202

HIGH
8.8
CVSS Severity Score
EPSS Score0.1000%
EPSS Percentile32.37th
PublishedApr 23, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

IBM UrbanCode Deploy (UCD) 7.0.3.0 and 7.0.4.0 could allow an authenticated user to impersonate another user if the server is configured to enable Distributed Front End (DFE). IBM X-Force ID: 174955.

Affected Platforms (CPE)

πŸ“¦
Ibm

Urbancode Deploy

>= 7.0.3.0 and < 7.0.3.4
πŸ“¦
Ibm

Urbancode Deploy

>= 7.0.4.0 and < 7.0.4.3

References & Advisories

πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/174955
πŸ”— https://www.ibm.com/support/pages/node/6195701
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/174955
πŸ”— https://www.ibm.com/support/pages/node/6195701

Related Vulnerabilities

CVE-2016-893810.0

IBM UrbanCode Deploy could allow a user to execute code using a specially crafted file upload that would replace code on the serve...

CVE-2020-44818.2

IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 is vulnerable to an XML External Entity Injection (XXE) attack w...

CVE-2016-02718.2

The agents in IBM UrbanCode Deploy 6.x before 6.0.1.14, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 do not verify a server's id...

CVE-2017-11498.1

IBM UrbanCode Deploy (UCD) 6.0, 6.1, and 6.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE...