CVE-2020-4944 — Cleartext Storage of Sensitive Info in IBM Urbancode Deploy
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 94.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMar 30
Latest updateMay 24
Description
IBM UrbanCode Deploy (UCD) 7.0.3.0, 7.0.4.0, 7.0.5.3, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2, stores keystore passwords in plain text after a manual edit, which can be read by a local user. IBM X-Force ID: 191944.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6