CVE-2016-0373 — Improper Authorization in IBM Urbancode Deploy

CWE-285 — Improper Authorization11 documents4 sources

Severity

4.3MEDIUMNVD

CNA3.1

EPSS

0.1%

top 71.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Urbancode Deploy

Timeline

PublishedAug 30

Latest updateMay 13

Description

IBM UrbanCode Deploy 6.0 through 6.2.2.1 could allow an authenticated user to read sensitive information due to UCD REST endpoints not properly authorizing users when determining who can read data. IBM X-Force ID: 112119.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶NVDibm/urbancode_deploy6.0 — 6.2.2.1

▶CVEListV5ibm/urbancode_deploy42 versions+41

Patches

Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-jfjj-qgh8-rp3r: IBM UrbanCode Deploy 6↗2022-05-13

▶

CVEList

CVE-2016-0373: IBM UrbanCode Deploy 6↗2018-08-30

▶

💬Community

Bugzilla

CVE-2016-1958 Mozilla: Displayed page address can be overridden (MFSA 2016-21)↗2016-03-08

▶

Bugzilla

CVE-2016-1974 Mozilla: Out-of-bounds read in HTML parser following a failed allocation (MFSA 2016-34)↗2016-03-08

▶

Bugzilla

CVE-2016-1957 Mozilla: Memory leak in libstagefright when deleting an array during MP4 processing (MFSA 2016-20)↗2016-03-08

▶

Bugzilla

CVE-2016-1964 Mozilla: Use-after-free during XML transformations (MFSA 2016-27)↗2016-03-08

▶

Bugzilla

CVE-2016-1960 Mozilla: Use-after-free in HTML5 string parser (MFSA 2016-23)↗2016-03-08

▶