CVE-2023-47161Improper Input Validation in IBM Urbancode Deploy

CWE-20Improper Input Validation3 documents3 sources
Severity
6.5MEDIUMNVD
CNA5.3
EPSS
0.1%
top 81.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Urbancode Deploy
Timeline
PublishedDec 20

Description

IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 may mishandle input validation of an uploaded archive file leading to a denial of service due to resource exhaustion. IBM X-Force ID: 270799.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5ibm/urbancode_deploy7.27.2.3.7+2
NVDibm/urbancode_deploy7.0.0.07.0.5.18+3

🔴Vulnerability Details

2
GHSA
GHSA-j7c4-q4f5-fpfw: IBM UrbanCode Deploy (UCD) 72023-12-20
CVEList
IBM UrbanCode Deploy denial of service2023-12-19
CVE-2023-47161 — Improper Input Validation in IBM | cvebase