CVE-2016-0320

moderate-risk

Published 2017-02-01

IBM UrbanCode Deploy could allow an authenticated user to modify Ucd objects due to multiple REST endpoints not properly authorizing users editing UCD objects. This could affect the behavior of legitimately triggered processes.

Do I need to act?

-

0.12% chance of exploitation

EPSS score — low exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

4

CVSS 4.3/10 Medium

NETWORK / LOW complexity

Affected Products (20)

Urbancode Deploy

Urbancode Deploy

Urbancode Deploy

Urbancode Deploy

Urbancode Deploy

Urbancode Deploy

Urbancode Deploy

Urbancode Deploy

Urbancode Deploy

Urbancode Deploy

Urbancode Deploy

Urbancode Deploy

Urbancode Deploy

Urbancode Deploy

Urbancode Deploy

Urbancode Deploy

Urbancode Deploy

Urbancode Deploy

Urbancode Deploy

Urbancode Deploy

Affected Vendors

Ibm

References (4)

Patch http://www.ibm.com/support/docview.wss?uid=swg2C1000222

Third Party Advisory http://www.securityfocus.com/bid/95974

Patch http://www.ibm.com/support/docview.wss?uid=swg2C1000222

Third Party Advisory http://www.securityfocus.com/bid/95974

43

/ 100

moderate-risk

Severity 18/34 · Moderate

Exploitability 1/34 · Minimal

Exposure 24/34 · High