Vulnerability Name: CVE-2021-29711 (CCN-200965) Assigned: 2021-07-07 Published: 2021-07-07 Updated: 2022-07-12 Summary: IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 6.2.7.8 , 6.2.7.9, 7.0.3.0, 7.0.4.0, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2 could allow an authenticated user with certain permissions to initiate an agent upgrade through the CLI interface. IBM X-Force ID: 200965. CVSS v3 Severity: 4.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 3.8 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): LowUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): LowAvailibility (A): None
4.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N 4.3 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): HighUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): HighAvailibility (A): None
CVSS v2 Severity: 4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAuthentication (Au): Single_InstanceImpact Metrics: Confidentiality (C): NoneIntegrity (I): PartialAvailibility (A): None
6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:C/A:N Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAthentication (Au): Single_InstanceImpact Metrics: Confidentiality (C): NoneIntegrity (I): CompleteAvailibility (A): None
Vulnerability Type: CWE-noinfo Vulnerability Consequences: File Manipulation References: Source: MITRECVE-2021-29711 ibm-ucd-cve202129711-improper-permissions(200965) ibm-ucd-cve202129711-improper-permissions (200965) CVE-2021-29711 Agent Upgrade through CLI requires inconsistent permission. https://www.ibm.com/support/pages/node/6469941 Vulnerable Configuration: Configuration 1 :cpe:/a:ibm:urbancode_deploy:*:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:ibm:urbancode_deploy:6.2.7.3:*:*:*:*:*:*:* OR cpe:/a:ibm:urbancode_deploy:7.0.3.0:*:*:*:*:*:*:* OR cpe:/a:ibm:urbancode_deploy:7.0.4.0:*:*:*:*:*:*:* OR cpe:/a:ibm:urbancode_deploy:7.1.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:urbancode_deploy:6.2.7.4:*:*:*:*:*:*:* OR cpe:/a:ibm:urbancode_deploy:6.2.7.8:*:*:*:*:*:*:* OR cpe:/a:ibm:urbancode_deploy:7.1.1.0:*:*:*:*:*:*:* OR cpe:/a:ibm:urbancode_deploy:6.2.7.9:*:*:*:*:*:*:* OR cpe:/a:ibm:urbancode_deploy:7.0.5.4:*:*:*:*:*:*:* OR cpe:/a:ibm:urbancode_deploy:7.1.1.1:*:*:*:*:*:*:* OR cpe:/a:ibm:urbancode_deploy:7.1.1.2:*:*:*:*:*:*:* AND cpe:/a:ibm:urbancode_deploy:7.0.5.3:*:*:*:*:*:*:* BACK
ibm urbancode deploy *
ibm urbancode deploy 6.2.7.3
ibm urbancode deploy 7.0.3.0
ibm urbancode deploy 7.0.4.0
ibm urbancode deploy 7.1.0.0
ibm urbancode deploy 6.2.7.4
ibm urbancode deploy 6.2.7.8
ibm urbancode deploy 7.1.1.0
ibm urbancode deploy 6.2.7.9
ibm urbancode deploy 7.0.5.4
ibm urbancode deploy 7.1.1.1
ibm urbancode deploy 7.1.1.2
ibm urbancode deploy 7.0.5.3
Denotes that component is vulnerable