What is the vulnerability ID for this IBM UrbanCode Deploy vulnerability?

The vulnerability ID for this IBM UrbanCode Deploy vulnerability is CVE-2022-46771.

What is the severity of CVE-2022-46771?

CVE-2022-46771 has a severity rating of 4.6, which is considered medium.

What is the vulnerability type of CVE-2022-46771?

CVE-2022-46771 is a cross-site scripting vulnerability.

How can the cross-site scripting vulnerability CVE-2022-46771 be exploited?

The cross-site scripting vulnerability CVE-2022-46771 can be exploited by embedding arbitrary JavaScript code in the Web UI, thus altering its intended functionality.

Vulnerability/
CVE-2022-46771

medium

4.6

CWE

15/12/2022

20/12/2022

3/8/2024

CVE-2022-46771: IBM UrbanCode Deploy (UCD) cross-site scripting

Q: Which versions of IBM UrbanCode Deploy are affected by CVE-2022-46771?

IBM UrbanCode Deploy versions 6.2.0.0 through 6.2.7.18, 7.0.5.0 through 7.0.5.13, 7.1.0.0 through 7.1.2.9, 7.2.0.0 through 7.2.3.2, and 7.3.0.0 are all affected by CVE-2022-46771.

First published: Thu Dec 15 2022(Updated: )

IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.18, 7.0.5.0 through 7.0.5.13, 7.1.0.0 through 7.1.2.9, 7.2.0.0 through 7.2.3.2 and 7.3.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 242273.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM UrbanCode Deploy	>=6.2.0.0<=6.2.7.18
IBM UrbanCode Deploy	>=7.0.5.0<=7.0.5.13
IBM UrbanCode Deploy	>=7.1.0.0<=7.1.2.9
IBM UrbanCode Deploy	>=7.2.0.0<=7.2.3.2
IBM UrbanCode Deploy	=7.3.0.0
	<=6.2.0.0 - 6.2.7.18
	<=7.0.5.0 - 7.0.5.13
	<=7.1.0.0 - 7.1.2.9
	<=7.2.0.0 - 7.2.3.2
	<=7.3.0.0

Remedy

https://www.ibm.com/support/pages/node/6848897

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-6848897

Frequently Asked Questions

What is the vulnerability ID for this IBM UrbanCode Deploy vulnerability?
The vulnerability ID for this IBM UrbanCode Deploy vulnerability is CVE-2022-46771.
What is the severity of CVE-2022-46771?
CVE-2022-46771 has a severity rating of 4.6, which is considered medium.
Which versions of IBM UrbanCode Deploy are affected by CVE-2022-46771?
IBM UrbanCode Deploy versions 6.2.0.0 through 6.2.7.18, 7.0.5.0 through 7.0.5.13, 7.1.0.0 through 7.1.2.9, 7.2.0.0 through 7.2.3.2, and 7.3.0.0 are all affected by CVE-2022-46771.
What is the vulnerability type of CVE-2022-46771?
CVE-2022-46771 is a cross-site scripting vulnerability.
How can the cross-site scripting vulnerability CVE-2022-46771 be exploited?
The cross-site scripting vulnerability CVE-2022-46771 can be exploited by embedding arbitrary JavaScript code in the Web UI, thus altering its intended functionality.

collector/nvd-index
agent/references
agent/type
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/title
agent/severity
agent/author
agent/last-modified-date
agent/weakness
agent/remedy
agent/description
agent/tags
agent/softwarecombine
agent/event
collector/ibm-support
source/IBM
agent/software-canonical-lookup
vendor/ibm
canonical/ibm urbancode deploy
version/ibm urbancode deploy/6.2.0.0
version/ibm urbancode deploy/6.2.7.18
version/ibm urbancode deploy/7.0.5.0
version/ibm urbancode deploy/7.0.5.13
version/ibm urbancode deploy/7.1.0.0
version/ibm urbancode deploy/7.1.2.9
version/ibm urbancode deploy/7.2.0.0
version/ibm urbancode deploy/7.2.3.2
version/ibm urbancode deploy/7.3.0.0
canonical/ibm ucd - ibm urbancode deploy
version/ibm ucd - ibm urbancode deploy/6.2.0.0 - 6.2.7.18
version/ibm ucd - ibm urbancode deploy/7.0.5.0 - 7.0.5.13
version/ibm ucd - ibm urbancode deploy/7.1.0.0 - 7.1.2.9
version/ibm ucd - ibm urbancode deploy/7.2.0.0 - 7.2.3.2
version/ibm ucd - ibm urbancode deploy/7.3.0.0