First published: Wed Dec 13 2023(Updated: )
An IBM UrbanCode Deploy Agent 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 installed as a Windows service in a non-standard location could be subject to a denial of service attack by local accounts. IBM X-Force ID: 265509.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM UCD - IBM UrbanCode Deploy | <=7.2 - 7.2.3.7 | |
IBM UCD - IBM UrbanCode Deploy | <=7.3 - 7.3.2.2 | |
IBM UrbanCode Deploy | >=7.2.0.0<=7.2.3.7 | |
IBM UrbanCode Deploy | >=7.3.0.0<=7.3.2.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-42012 is rated as a denial of service vulnerability affecting specific versions of IBM UrbanCode Deploy.
To address CVE-2023-42012, update IBM UrbanCode Deploy to a version beyond 7.2.3.7 or 7.3.2.2.
CVE-2023-42012 affects IBM UrbanCode Deploy versions 7.2 through 7.2.3.7 and 7.3 through 7.3.2.2.
Yes, local accounts can exploit CVE-2023-42012 to launch a denial of service attack against the affected IBM UrbanCode Deploy installations.
Currently, the recommended action for CVE-2023-42012 is to upgrade to a secure version, as specific workarounds may not be provided.