Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
IBM UrbanCode Deploy 6.0 and 6.0.1.x before 6.0.1.10, 6.1.1.x before 6.1.1.8, and 6.1.2 writes admin AUTH_TOKEN values to execution logs, which allows remote authenticated users to gain privileges by leveraging the ability to create and execute a process.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
IBM UrbanCode Deploy 权限许可和访问控制漏洞
Vulnerability Description
IBM UrbanCode Deploy(UCD)是美国IBM公司的一套应用自动化部署工具。该工具基于一个应用部署自动化管理信息模型,并通过远程代理技术,实现对复杂应用在不同环境下的自动化部署等。 IBM UCD中存在安全漏洞,该漏洞源于程序错误地将‘admin AUTH_TOKEN’值写入执行日志中。远程攻击者可通过创建并执行进程利用该漏洞获取权限。以下版本受到影响:IBM UCD 6.0.1.10之前6.0版本和6.0.1.x版本,6.1.1.8之前6.1.1.x版本,6.1.2版本。
CVSS Information
N/A
Vulnerability Type
N/A