CVE-2020-4884Cleartext Storage of Sensitive Info in IBM Urbancode Deploy

CWE-312Cleartext Storage of Sensitive Info3 documents3 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 95.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Urbancode Deploy
Timeline
PublishedMar 30
Latest updateMay 24

Description

IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 190908.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5ibm/urbancode_deploy6.2.7.9, 7.0.5.4, 7.1.1.1+2
NVDibm/urbancode_deploy6.2.7.9, 7.0.5.4, 7.1.1.1+2

🔴Vulnerability Details

2
GHSA
GHSA-v697-947h-q7ww: IBM UrbanCode Deploy (UCD) 62022-05-24
CVEList
CVE-2020-4884: IBM UrbanCode Deploy (UCD) 62021-03-30
CVE-2020-4884 — Cleartext Storage of Sensitive Info | cvebase