Low Severity

Security Bulletin: CVE-2019-4666 IBM UrbanCode Build (UCB) could allow a local user to obtain sensitive information by unmasking certain secure values in documents.

Share this post:

IBM UrbanCode Build (UCB) could allow a local user to obtain sensitive information by unmasking certain secure values in documents.

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
UCB – IBM UrbanCode Build All

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/1138576

More stories

Security Bulletin: IBM Security Information Queue could reveal sensitive data in application error messages (CVE-2020-4164)

Apr 7, 2020 8:01 pm EDT | Low Severity

In response to certain application errors, IBM Security Information Queue (ISIQ) could output messages that contain sensitve data, which could then be used to gain unauthorized system access. As of v1.0.6, ISIQ no longer includes sensitve data when outputting error messages. ...read more


Security Bulletin: Insufficient command validation in IBM Security Information Queue (CVE-2020-4282)

Apr 7, 2020 8:01 pm EDT | Low Severity

IBM Security Information Queue (ISIQ) does not implement encoding or escaping of command requests that originate in the web UI. For example, it would be possible to intercept a product configuration request, and replace the product name with illegal characters. As of v1.0.6, ISIQ performs back-end validation to ensure that commands have not been tampered with. ...read more


Security Bulletin: Security vulnerability in IBM Java SDK affect Rational Build Forge (CVE-2020-2654)

Mar 31, 2020 8:00 pm EDT | Low Severity

IBM® SDK Java™ Technology Edition that is used by IBM Rational Build Forge has a security vulnerability. IBM Rational Build Forge has addressed the applicable CVE. ...read more