CVE-2016-8938

high-risk

Published 2017-02-01

IBM UrbanCode Deploy could allow a user to execute code using a specially crafted file upload that would replace code on the server. This code could be executed on the UCD agent machines that host customer's production applications.

Do I need to act?

-

0.77% chance of exploitation

EPSS score — low exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

10

CVSS 10.0/10 Critical

NETWORK / LOW complexity

Affected Products (20)

Urbancode Deploy

Urbancode Deploy

Urbancode Deploy

Urbancode Deploy

Urbancode Deploy

Urbancode Deploy

Urbancode Deploy

Urbancode Deploy

Urbancode Deploy

Urbancode Deploy

Urbancode Deploy

Urbancode Deploy

Urbancode Deploy

Urbancode Deploy

Urbancode Deploy

Urbancode Deploy

Urbancode Deploy

Urbancode Deploy

Urbancode Deploy

Urbancode Deploy

Affected Vendors

Ibm

References (4)

Patch http://www.ibm.com/support/docview.wss?uid=swg2C1000237

Third Party Advisory http://www.securityfocus.com/bid/95289

Patch http://www.ibm.com/support/docview.wss?uid=swg2C1000237

Third Party Advisory http://www.securityfocus.com/bid/95289

60

/ 100

high-risk

Severity 33/34 · Critical

Exploitability 3/34 · Minimal

Exposure 24/34 · High