Matteo Zocca

**Name of the Vulnerable Software and Affected Versions** IBM DevOps Deploy versions 8.0 through 8.0.1.4 IBM DevOps Deploy versions 8.1 through 8.1.0.0 IBM UrbanCode Deploy versions 7.0 through 7.0.5.25 IBM UrbanCode Deploy versions 7.1 through 7.1.2.21 IBM UrbanCode Deploy versions 7.2 through 7.2.3.14 IBM UrbanCode Deploy versions 7.3 through 7.3.2.9 **Description** The issue allows a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements. **Recommendations** For IBM DevOps Deploy versions 8.0 through 8.0.1.4, update to a version outside of this range. For IBM DevOps Deploy versions 8.1 through 8.1.0.0, update to a version outside of this range. For IBM UrbanCode Deploy versions 7.0 through 7.0.5.25, update to a version outside of this range. For IBM UrbanCode Deploy versions 7.1 through 7.1.2.21, update to a version outside of this range. For IBM UrbanCode Deploy versions 7.2 through 7.2.3.14, update to a version outside of this range. For IBM UrbanCode Deploy versions 7.3 through 7.3.2.9, update to a version outside of this range.

**Name of the Vulnerable Software and Affected Versions** IBM DevOps Deploy versions 8.0 through 8.0.1.4 IBM DevOps Deploy versions 8.1 through 8.1.0.0 IBM UrbanCode Deploy versions 7.0 through 7.0.5.25 IBM UrbanCode Deploy versions 7.1 through 7.1.2.21 IBM UrbanCode Deploy versions 7.2 through 7.2.3.14 IBM UrbanCode Deploy versions 7.3 through 7.3.2 **Description** The issue allows an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function. **Recommendations** IBM DevOps Deploy versions 8.0 through 8.0.1.4: Restrict access to sensitive user information until a patch is available. IBM DevOps Deploy versions 8.1 through 8.1.0.0: Restrict access to sensitive user information until a patch is available. IBM UrbanCode Deploy versions 7.0 through 7.0.5.25: Restrict access to sensitive user information until a patch is available. IBM UrbanCode Deploy versions 7.1 through 7.1.2.21: Restrict access to sensitive user information until a patch is available. IBM UrbanCode Deploy versions 7.2 through 7.2.3.14: Restrict access to sensitive user information until a patch is available. IBM UrbanCode Deploy versions 7.3 through 7.3.2: Restrict access to sensitive user information until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.