CVE-2016-0271

The agents in IBM UrbanCode Deploy 6.x before 6.0.1.14, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 do not verify a server's identity in a JMS session or an HTTP session, which allows local users to obtain root access to arbitrary agents via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.2 HIGH
LOCAL
LOW
HIGH
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
ibmCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 10%
VendorProductVersion
ibmurbancode_deploy
6.0
ibmurbancode_deploy
6.0.1.0
ibmurbancode_deploy
6.0.1.1
ibmurbancode_deploy
6.0.1.2
ibmurbancode_deploy
6.0.1.3
ibmurbancode_deploy
6.0.1.4
ibmurbancode_deploy
6.0.1.5
ibmurbancode_deploy
6.0.1.6
ibmurbancode_deploy
6.0.1.7
ibmurbancode_deploy
6.0.1.8
ibmurbancode_deploy
6.0.1.9
ibmurbancode_deploy
6.0.1.10
ibmurbancode_deploy
6.0.1.11
ibmurbancode_deploy
6.0.1.12
ibmurbancode_deploy
6.0.1.13
ibmurbancode_deploy
6.1
ibmurbancode_deploy
6.1.0.1
ibmurbancode_deploy
6.1.0.2
ibmurbancode_deploy
6.1.0.3
ibmurbancode_deploy
6.1.0.4
ibmurbancode_deploy
6.1.1.0
ibmurbancode_deploy
6.1.1.1
ibmurbancode_deploy
6.1.1.2
ibmurbancode_deploy
6.1.1.3
ibmurbancode_deploy
6.1.1.4
ibmurbancode_deploy
6.1.1.5
ibmurbancode_deploy
6.1.1.6
ibmurbancode_deploy
6.1.1.7
ibmurbancode_deploy
6.1.1.8
ibmurbancode_deploy
6.1.2
ibmurbancode_deploy
6.1.3
ibmurbancode_deploy
6.1.3.1
ibmurbancode_deploy
6.1.3.2
ibmurbancode_deploy
6.2.0.0
ibmurbancode_deploy
6.2.0.1
ibmurbancode_deploy
6.2.0.2
ibmurbancode_deploy
6.2.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www-01.ibm.com/support/docview.wss?uid=swg2C1000150
http://www-01.ibm.com/support/docview.wss?uid=swg2C1000150