PT-2025-2684 · Ibm · Ibm Urbancode Deploy
Published
2024-12-04
·
Updated
2025-01-21
·
CVE-2024-45091
CVSS v3.1
6.2
Medium
| Vector | AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IBM UrbanCode Deploy (UCD) versions 7.0 through 7.0.5.24
IBM UrbanCode Deploy (UCD) versions 7.1 through 7.1.2.10
IBM UrbanCode Deploy (UCD) versions 7.2 through 7.2.3.13
Description
The issue concerns the storage of potentially sensitive information in log files by IBM UrbanCode Deploy (UCD). This information could be accessed by a local user with permission to view HTTP request logs.
Recommendations
For versions 7.0 through 7.0.5.24, consider restricting access to log files to minimize the risk of sensitive information disclosure.
For versions 7.1 through 7.1.2.10, restrict access to log files to prevent unauthorized reading of potentially sensitive information.
For versions 7.2 through 7.2.3.13, limit access to HTTP request logs to reduce the risk of sensitive data exposure.
Fix
Insertion into Log File
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Urbancode Deploy