CVE-2020-4483 — Information Exposure via Error Message in IBM Urbancode Deploy

CWE-209 — Information Exposure via Error Message7 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

0.1%

top 71.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Urbancode Deploy

Timeline

PublishedNov 6

Latest updateMay 24

Description

IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181857.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5ibm/urbancode_deploy4 versions+3

▶NVDibm/urbancode_deploy4 versions+3

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-3hg9-f2mv-c9rx: IBM UrbanCode Deploy (UCD) 6↗2022-05-24

▶

CVEList

CVE-2020-4483: IBM UrbanCode Deploy (UCD) 6↗2020-11-06

▶

💬Community

Bugzilla

CVE-2019-19481 opensc: Improper handling of buffer limits for CAC certificates↗2019-12-12

▶

Bugzilla

CVE-2019-19479 opensc: Incorrect read operation during parsing of a SETCOS file attribute↗2019-12-11

▶

Bugzilla

CVE-2019-15945 opensc: Out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c↗2019-10-24

▶

Bugzilla

CVE-2019-15946 opensc: Out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c↗2019-10-24

▶