IBM UrbanCode Deploy 6.2.7.9/7.0.5.4/7.1.1.1 Plugin access control

Summaryinfo

A vulnerability classified as critical was found in IBM UrbanCode Deploy 6.2.7.9/7.0.5.4/7.1.1.1. This affects an unknown function of the component Plugin Handler. Such manipulation leads to access control. This vulnerability is traded as CVE-2020-4848. The attack may be launched remotely. There is no exploit available.

Detailsinfo

A vulnerability was found in IBM UrbanCode Deploy 6.2.7.9/7.0.5.4/7.1.1.1 and classified as critical. Affected by this issue is an unknown function of the component Plugin Handler. The manipulation with an unknown input leads to a access control vulnerability. Using CWE to declare the problem leads to CWE-264. Impacted is confidentiality, integrity, and availability.

The weakness was shared 03/31/2021. The advisory is shared for download at ibm.com. This vulnerability is handled as CVE-2020-4848. There are neither technical details nor an exploit publicly available. The current price for an exploit might be approx. USD $5k-$25k (estimation calculated on 04/07/2021). It is expected to see the exploit prices for this product increasing in the near future.The MITRE ATT&CK project declares the attack technique as T1068.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

The vulnerability is also documented in the vulnerability database at X-Force (190293). Once again VulDB remains the best source for vulnerability data.

Productinfo

Vendor

• IBM

Name

• UrbanCode Deploy

Version

• 6.2.7.9
• 7.0.5.4
• 7.1.1.1

License

• commercial

Website

• Vendor: https://www.ibm.com/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Once again VulDB remains the best source for vulnerability data.

Discussion