SB2022070416 - Cleartext storage of sensitive information in IBM UrbanCode Deploy (UCD)
Published: July 4, 2022
Security Bulletin ID
SB2022070416
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Cleartext storage of sensitive information (CVE-ID: CVE-2022-22367)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to IBM UrbanCode Deploy (UCD) can disclose sensitive database information to a local user in plain text. A local user can gain access to sensitive information.
Remediation
Install update from vendor's website.
References
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-urbancode-deploy-ucd-could-disclose-sensitive-database-information-to-a-local-user-in-plain-text-cve-2022-22367/"
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-urbancode-deploy-ucd-could-disclose-sensitive-database-information-to-a-local-user-in-plain-text-cve-2022-22367/</a><br><a
- https://www.ibm.com/support/pages/node/6600067"
- https://www.ibm.com/support/pages/node/6600067</a><br><br><br></p>