CVE-2016-0271IBM Urbancode Deploy vulnerability

CWE-2643 documents3 sources
Severity
8.2HIGHNVD
EPSS
0.0%
top 88.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Urbancode Deploy
Timeline
PublishedJul 8
Latest updateMay 17

Description

The agents in IBM UrbanCode Deploy 6.x before 6.0.1.14, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 do not verify a server's identity in a JMS session or an HTTP session, which allows local users to obtain root access to arbitrary agents via unspecified vectors.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 1.5 | Impact: 6.0

Affected Packages1 packages

NVDibm/urbancode_deploy37 versions+36

🔴Vulnerability Details

2
GHSA
GHSA-94jj-r65q-xf26: The agents in IBM UrbanCode Deploy 62022-05-17
CVEList
CVE-2016-0271: The agents in IBM UrbanCode Deploy 62016-07-08
CVE-2016-0271 — IBM Urbancode Deploy vulnerability | cvebase