Home Unlabelled IBM Security Bulletin: Plugins can be uploaded to IBM UrbanCode Deploy without Authentication (CVE-2017-1749)

IBM Security Bulletin: Plugins can be uploaded to IBM UrbanCode Deploy without Authentication (CVE-2017-1749)

By
Thursday, August 09, 2018
Read
Add Comment

A directory traversal attack can be used to upload new versions of a plugin, altering UCD deployments.

CVE(s): CVE-2017-1749

Affected product(s) and affected version(s):

All fixpacks of IBM UrbanCode Deploy 6.1 – 6.1.3.6 and IBM UrbanCode Deploy 6.2 – 6.2.6.1 are affected.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=swg2C1000374
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/135522

The post IBM Security Bulletin: Plugins can be uploaded to IBM UrbanCode Deploy without Authentication (CVE-2017-1749) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team https://ift.tt/2vSQhSh
Tags :

Created By Nexus · Powered by Blogger
© All Rights Reserved

Terms Of Service · Privacy Policy · Disclaimer · Contact Us · About Us