IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptable to an Insertion of Sensitive Information Into Sent Data vulnerability
IBM UCD - IBM UrbanCode Deploy 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 IBM DevOps Deploy could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attacks against the system.
Problem Types
| Type | CWE ID | Description |
|---|
| CWE | CWE-201 | CWE-201 Insertion of Sensitive Information Into Sent Data |
Type: CWE
Description: CWE-201 Insertion of Sensitive Information Into Sent Data
Metrics
| Version | Base score | Base severity | Vector |
|---|
| 3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N