CVE-2015-4964

IBM UrbanCode Deploy 6.0 and 6.0.1.x before 6.0.1.10, 6.1.1.x before 6.1.1.8, and 6.1.2 writes admin AUTH_TOKEN values to execution logs, which allows remote authenticated users to gain privileges by leveraging the ability to create and execute a process.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:P/I:P/A:P
ibmCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 82%
VendorProductVersion
ibmurbancode_deploy
6.0
ibmurbancode_deploy
6.0.1.0
ibmurbancode_deploy
6.0.1.1
ibmurbancode_deploy
6.0.1.2
ibmurbancode_deploy
6.0.1.3
ibmurbancode_deploy
6.0.1.4
ibmurbancode_deploy
6.0.1.5
ibmurbancode_deploy
6.0.1.6
ibmurbancode_deploy
6.0.1.7
ibmurbancode_deploy
6.0.1.8
ibmurbancode_deploy
6.0.1.9
ibmurbancode_deploy
6.1.1.0
ibmurbancode_deploy
6.1.1.1
ibmurbancode_deploy
6.1.1.2
ibmurbancode_deploy
6.1.1.3
ibmurbancode_deploy
6.1.1.4
ibmurbancode_deploy
6.1.1.5
ibmurbancode_deploy
6.1.1.6
ibmurbancode_deploy
6.1.1.7
ibmurbancode_deploy
6.1.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www-01.ibm.com/support/docview.wss?uid=swg21964623
http://www-01.ibm.com/support/docview.wss?uid=swg21964623