CVE-2020-4202Improper Privilege Management in IBM Urbancode Deploy

CWE-269Improper Privilege Management3 documents3 sources
Severity
8.8HIGHNVD
EPSS
0.2%
top 53.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Urbancode Deploy
Timeline
PublishedApr 23
Latest updateMay 24

Description

IBM UrbanCode Deploy (UCD) 7.0.3.0 and 7.0.4.0 could allow an authenticated user to impersonate another user if the server is configured to enable Distributed Front End (DFE). IBM X-Force ID: 174955.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDibm/urbancode_deploy7.0.3.07.0.3.4+1
CVEListV5ibm/urbancode_deploy7.0.3.0, 7.0.4.0+1

🔴Vulnerability Details

2
GHSA
GHSA-c7q4-vm42-67vm: IBM UrbanCode Deploy (UCD) 72022-05-24
CVEList
CVE-2020-4202: IBM UrbanCode Deploy (UCD) 72020-04-23