Description
IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.22, 7.2 through 7.2.3.15, and 7.3 through 7.3.2.10 / IBM DevOps Deploy 8.0 through 8.0.1.5 and 8.1 through 8.1.0.1 could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service.
CVSS breakdown
CVSS 3.1
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low
Affected products
- ibm / devops_deploy8.0.0.0 – 8.0.0.0
- ibm / devops_deploy8.0.1.5 – 8.0.1.5
- ibm / devops_deploy8.1.0.0 – 8.1.0.0
- ibm / devops_deploy8.1.0.1 – 8.1.0.1
- ibm / urbancode_deploy7.3 – 7.3
- ibm / urbancode_deploy7.1 – 7.1
- ibm / urbancode_deploy7.3.2.10 – 7.3.2.10
- ibm / urbancode_deploy7.1.2.22 – 7.1.2.22
- ibm / urbancode_deploy7.2 – 7.2
- ibm / urbancode_deploy7.2.3.15 – 7.2.3.15