1. Home
  2. CVE Database
  3. CVE-2015-4964
MEDIUM · 6.0

CVE-2015-4964

IBM UrbanCode Deploy 6.0 and 6.0.1.x before 6.0.1.10, 6.1.1.x before 6.1.1.8, and 6.1.2 writes admin AUTH_TOKEN values to execution logs, which allows remote authenticated users to gain privileges by ...

Vulnerability Description

IBM UrbanCode Deploy 6.0 and 6.0.1.x before 6.0.1.10, 6.1.1.x before 6.1.1.8, and 6.1.2 writes admin AUTH_TOKEN values to execution logs, which allows remote authenticated users to gain privileges by leveraging the ability to create and execute a process.

CVSS Score

6.0

MEDIUM

AV:N/AC:M/Au:S/C:P/I:P/A:P
Confidentiality
PARTIAL
Integrity
PARTIAL
Availability
PARTIAL

Affected Products

VendorProductVersions
IbmUrbancode Deploy6.0

Related Weaknesses (CWE)

CWE-264

References

FAQ

What is CVE-2015-4964?

CVE-2015-4964 is a vulnerability with a CVSS score of 6.0 (MEDIUM). IBM UrbanCode Deploy 6.0 and 6.0.1.x before 6.0.1.10, 6.1.1.x before 6.1.1.8, and 6.1.2 writes admin AUTH_TOKEN values to execution logs, which allows remote authenticated users to gain privileges by ...

How severe is CVE-2015-4964?

CVE-2015-4964 has been rated MEDIUM with a CVSS base score of 6.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-4964?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Urbancode Deploy.