Medium Severity

Security Bulletin: IBM UrbanCode Deploy (UCD) could disclose sensitive database information to a local user in plain text. (CVE-2022-22367)

Share this post:

Certain data for recurring activites may be internally stored in a plain text format.

CVE(s): CVE-2022-22367

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
UCD – IBM UrbanCode Deploy 7.2.0.0 – 7.2.2.1
UCD – IBM UrbanCode Deploy 7.1.0.0 – 7.1.2.6
UCD – IBM UrbanCode Deploy 7.0.0.0 – 7.0.5.10
UCD – IBM UrbanCode Deploy 6.0.0.0 – 6.2.7.15

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6600067
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/221008

More stories

Security Bulletin: IBM Robotic Process Automation is vulnerable to man in the middle attacks through manipulation of client proxy (CVE-2022-36774)

October 3, 2022 | Medium Severity

IBM Robotic Process automation is vulnerable to man in the middle attacks through manipulation of the client proxy configuration. ...read more


Security Bulletin: IBM Robotic Process Automation is vulnerable to a remote attacker bypassing security restrictions due to node.js got module (CVE-2022-33987)

October 3, 2022 | Medium Severity

Node.js got module is used by IBM Robotic Process Automation as part of the web carbon framework. CVE-2022-33987. The fix includes carbon-components 10.56.0. ...read more


Security Bulletin: IBM Robotic Process Automation is vulnerable to cross origin resource shareing using the bot api (CVE-2022-41294)

October 3, 2022 | Medium Severity

IBM Robotic Process Automation is vulnerable to cross origin resource sharing using the bot api. ...read more