IBM Security Bulletin: Secure Properties in IBM UrbanCode Deploy Vulnerable (CVE-2016-0267)
Certain secure properties in IBM UrbanCode Deploy can be obtained by an authenticated user from the server UI. Also, certain secure properties can be obtained in plain text from the IBM UrbanCode Deploy database by a user who has read permission to the database.
CVE(s): CVE-2016-0267
Affected product(s) and affected version(s):
IBM UrbanCode Deploy 6.0, 6.0.1, 6.0.1.1, 6.0.1.2, 6.0.1.3, 6.0.1.4, 6.0.1.5, 6.0.1.6, 6.0.1.7, 6.0.1.8, 6.0.1.9, 6.0.1.10, 6.0.1.11, 6.0.1.12, 6.1, 6.1.0.1, 6.1.0.2, 6.1.0.3, 6.1.0.4, 6.1.1, 6.1.1.1, 6.1.1.2, 6.1.1.3, 6.1.1.4, 6.1.1.5, 6.1.1.6, 6.1.1.7, 6.1.1.8, 6.1.2, 6.1.3, 6.1.3.1, 6.1.3.2, 6.2.0.0, 6.2.0.1, 6.2.0.2, and 6.2.1 on all supported platforms.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/1Uimoln
X-Force Database: http://ift.tt/1PiMDCz
from IBM Product Security Incident Response Team http://ift.tt/1TXAN2w