Vulnerability Name: CVE-2020-4944 (CCN-191944) Assigned: 2019-12-30 Published: 2021-03-29 Updated: 2021-10-18 Summary: IBM UrbanCode Deploy (UCD) 7.0.3.0, 7.0.4.0, 7.0.5.3, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2, stores keystore passwords in plain text after a manual edit, which can be read by a local user. IBM X-Force ID: 191944. CVSS v3 Severity: 5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): LowUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): NoneAvailibility (A): None
5.1 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 4.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): HighPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): NoneAvailibility (A): None
CVSS v2 Severity: 2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): NoneAvailibility (A): None
4.0 Medium (CCN CVSS v2 Vector: AV:L/AC:H/Au:N/C:C/I:N/A:N Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): HighAthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): NoneAvailibility (A): None
Vulnerability Type: CWE-312 Vulnerability Consequences: Obtain Information References: Source: MITRECVE-2020-4944 ibm-ucd-cve20204944-info-disc(191944) ibm-ucd-cve20204944-info-disc (191944) IBM UrbanCode Deploy (UCD) stores keystore passwords in plain after a manuel edit, which can be read by a local user. https://www.ibm.com/support/pages/node/6437567 Vulnerable Configuration: Configuration 1 :cpe:/a:ibm:urbancode_deploy:7.0.3.0:*:*:*:*:*:*:* OR cpe:/a:ibm:urbancode_deploy:7.0.4.0:*:*:*:*:*:*:* OR cpe:/a:ibm:urbancode_deploy:7.0.5.3:*:*:*:*:*:*:* OR cpe:/a:ibm:urbancode_deploy:7.0.5.4:*:*:*:*:*:*:* OR cpe:/a:ibm:urbancode_deploy:7.1.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:urbancode_deploy:7.1.1.0:*:*:*:*:*:*:* OR cpe:/a:ibm:urbancode_deploy:7.1.1.1:*:*:*:*:*:*:* OR cpe:/a:ibm:urbancode_deploy:7.1.1.2:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:ibm:urbancode_deploy:7.0.3.0:*:*:*:*:*:*:* OR cpe:/a:ibm:urbancode_deploy:7.0.4.0:*:*:*:*:*:*:* OR cpe:/a:ibm:urbancode_deploy:7.1.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:urbancode_deploy:7.0.5.3:*:*:*:*:*:*:* OR cpe:/a:ibm:urbancode_deploy:7.1.1.0:*:*:*:*:*:*:* OR cpe:/a:ibm:urbancode_deploy:7.0.5.4:*:*:*:*:*:*:* OR cpe:/a:ibm:urbancode_deploy:7.1.1.1:*:*:*:*:*:*:* OR cpe:/a:ibm:urbancode_deploy:7.1.1.2:*:*:*:*:*:*:* AND cpe:/a:ibm:urbancode_deploy:7.0.5.2:*:*:*:*:*:*:* BACK
ibm urbancode deploy 7.0.3.0
ibm urbancode deploy 7.0.4.0
ibm urbancode deploy 7.0.5.3
ibm urbancode deploy 7.0.5.4
ibm urbancode deploy 7.1.0.0
ibm urbancode deploy 7.1.1.0
ibm urbancode deploy 7.1.1.1
ibm urbancode deploy 7.1.1.2
ibm urbancode deploy 7.0.3.0
ibm urbancode deploy 7.0.4.0
ibm urbancode deploy 7.1.0.0
ibm urbancode deploy 7.0.5.3
ibm urbancode deploy 7.1.1.0
ibm urbancode deploy 7.0.5.4
ibm urbancode deploy 7.1.1.1
ibm urbancode deploy 7.1.1.2
ibm urbancode deploy 7.0.5.2
Denotes that component is vulnerable