CVE-2016-0373
First published: Thu Aug 30 2018(Updated: )
IBM UrbanCode Deploy 6.0 through 6.2.2.1 could allow an authenticated user to read sensitive information due to UCD REST endpoints not properly authorizing users when determining who can read data. IBM X-Force ID: 112119.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM UrbanCode Deploy | >=6.0<=6.2.2.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-0373?
The severity of CVE-2016-0373 is classified as medium due to its potential impact on sensitive information accessibility.
How do I fix CVE-2016-0373?
To fix CVE-2016-0373, update IBM UrbanCode Deploy to a version later than 6.2.2.1 where the authorization issue is addressed.
Who is affected by CVE-2016-0373?
CVE-2016-0373 affects users of IBM UrbanCode Deploy versions 6.0 through 6.2.2.1 who have access to the REST API.
What type of data can be exposed by CVE-2016-0373?
CVE-2016-0373 can expose sensitive configuration and deployment data accessible through unauthorized REST API calls.
Is CVE-2016-0373 an authentication or authorization vulnerability?
CVE-2016-0373 is primarily an authorization vulnerability, allowing authenticated users to gain unauthorized access to sensitive information.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- agent/remedy
- agent/author
- agent/weakness
- agent/severity
- agent/tags
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- vendor/ibm
- canonical/ibm urbancode deploy
- version/ibm urbancode deploy/6.0
- version/ibm urbancode deploy/6.2.2.1