IBM Security Bulletin: Relays do not properly authenticate agents attempting to download artifacts (CVE-2016-0365)
When using Codestation caching of artifacts on agent relays, agents can download artifacts without properly authenticating.
CVE(s): CVE-2016-0365
Affected product(s) and affected version(s):
IBM UrbanCode Deploy 6.0, 6.0.1, 6.0.1.1, 6.0.1.2, 6.0.1.3, 6.0.1.4, 6.0.1.5, 6.0.1.6, 6.0.1.7, 6.0.1.8, 6.0.1.9, 6.0.1.10, 6.0.1.11, 6.0.1.12, 6.1, 6.1.0.1, 6.1.0.2, 6.1.0.3, 6.1.0.4, 6.1.1, 6.1.1.1, 6.1.1.2, 6.1.1.3, 6.1.1.4, 6.1.1.5, 6.1.1.6, 6.1.1.7, 6.1.1.8, 6.1.2, 6.1.3, 6.1.3.1, 6.1.3.2, 6.2.0.0, 6.2.0.1, 6.2.0.2, and 6.2.1 on all supported platforms.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/1WUG4NZ
X-Force Database: http://ift.tt/1qXe1zM
from IBM Product Security Incident Response Team http://ift.tt/1WUGEv8