CVE-2022-40751 — Insufficiently Protected Credentials in IBM Urbancode Deploy

CWE-522 — Insufficiently Protected Credentials3 documents3 sources

Severity

4.9MEDIUMNVD

EPSS

0.1%

top 67.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Urbancode Deploy

Timeline

PublishedNov 17

Description

IBM UrbanCode Deploy (UCD) 6.2.7.0 through 6.2.7.17, 7.0.0.0 through 7.0.5.12, 7.1.0.0 through 7.1.2.8, and 7.2.0.0 through 7.2.3.1 could allow a user with administrative privileges including "Manage Security" permissions may be able to recover a credential previously saved for performing authenticated LDAP searches. IBM X-Force ID: 236601.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5ibm/urbancode_deploy6.2.7.0 — 6.2.7.17+3

▶NVDibm/urbancode_deploy6.2.7.0 — 6.2.7.18+3

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-q778-q498-8cqq: IBM UrbanCode Deploy (UCD) 6↗2022-11-17

▶

CVEList

IBM UrbanCode Deploy information disclosure↗2022-11-17

▶