CVE-2023-42015

IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. IBM X-Force ID: 265512.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/265512	VDB Entry Vendor Advisory
https://www.ibm.com/support/pages/node/7096546	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:urbancode_deploy::::::::
	cpe:2.3:a:ibm:urbancode_deploy::::::::
	cpe:2.3:a:ibm:urbancode_deploy::::::::

History

27 Dec 2023, 18:52

Type	Values Removed	Values Added
First Time		Ibm urbancode Deploy Ibm
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/265512 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/265512 - VDB Entry, Vendor Advisory
References	~~() https://www.ibm.com/support/pages/node/7096546 -~~	() https://www.ibm.com/support/pages/node/7096546 - Vendor Advisory
Summary		(es) IBM UrbanCode Deploy (UCD) 7.1 a 7.1.2.14, 7.2 a 7.2.3.7 y 7.3 a 7.3.2.2 es vulnerable a la inyección de HTML. Esta vulnerabilidad puede permitir que un usuario incruste etiquetas HTML arbitrarias en la interfaz de usuario web, lo que podría provocar la divulgación de información confidencial. ID de IBM X-Force: 265512.
CPE		cpe:2.3:a:ibm:urbancode_deploy::::::::
CWE		CWE-79

19 Dec 2023, 03:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-12-19 03:15

Updated : 2023-12-27 18:52

NVD link : CVE-2023-42015

Mitre link : CVE-2023-42015

CVE.ORG link : CVE-2023-42015

JSON object : View

Products Affected

ibm

urbancode_deploy

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2023-42015", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2023-12-19T03:15:07.950", "references": [{"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/265512", "tags": ["VDB Entry", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://www.ibm.com/support/pages/node/7096546", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. IBM X-Force ID: 265512."}, {"lang": "es", "value": "IBM UrbanCode Deploy (UCD) 7.1 a 7.1.2.14, 7.2 a 7.2.3.7 y 7.3 a 7.3.2.2 es vulnerable a la inyecci\u00f3n de HTML. Esta vulnerabilidad puede permitir que un usuario incruste etiquetas HTML arbitrarias en la interfaz de usuario web, lo que podr\u00eda provocar la divulgaci\u00f3n de informaci\u00f3n confidencial. ID de IBM X-Force: 265512."}], "lastModified": "2023-12-27T18:52:58.957", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "845BBD2F-F115-493B-862B-0B1E57A2CF17", "versionEndExcluding": "7.1.2.15", "versionStartIncluding": "7.1.0.0"}, {"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D0831485-4FCF-47B5-9480-F03028E6CC85", "versionEndExcluding": "7.2.3.8", "versionStartIncluding": "7.2.0.0"}, {"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FFBAF5A7-B9AA-4335-B27B-DD9C109425BE", "versionEndExcluding": "7.3.2.3", "versionStartIncluding": "7.3.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}