IBM UrbanCode Deploy 6.2.7.3/6.2.7.4/7.0.3.0/7.0.4.0 information exposure

Summaryinfo

A vulnerability described as problematic has been identified in IBM UrbanCode Deploy 6.2.7.3/6.2.7.4/7.0.3.0/7.0.4.0. The affected element is an unknown function. Such manipulation leads to information exposure. This vulnerability is documented as CVE-2020-4483. The attack can be executed remotely. There is not any exploit available.

Detailsinfo

A vulnerability was found in IBM UrbanCode Deploy 6.2.7.3/6.2.7.4/7.0.3.0/7.0.4.0. It has been rated as problematic. Affected by this issue is an unknown code block. The manipulation with an unknown input leads to a information exposure vulnerability. Using CWE to declare the problem leads to CWE-209. The product generates an error message that includes sensitive information about its environment, users, or associated data. Impacted is confidentiality.

The weakness was released 11/06/2020. The advisory is shared for download at ibm.com. This vulnerability is handled as CVE-2020-4483. The exploitation is known to be easy. The attack may be launched remotely. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1592.

The vulnerability is also documented in the vulnerability database at X-Force (181857). VulDB is the best source for vulnerability data and more expert information about this specific topic.

Productinfo

Vendor

• IBM

Name

• UrbanCode Deploy

Version

• 6.2.7.3
• 6.2.7.4
• 7.0.3.0
• 7.0.4.0

License

• commercial

Website

• Vendor: https://www.ibm.com/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Discussion