CVE-2016-8938

EUVD-2016-9763
IBM UrbanCode Deploy could allow a user to execute code using a specially crafted file upload that would replace code on the server. This code could be executed on the UCD agent machines that host customer's production applications.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
10 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
Affected Products (NVD)
VendorProductVersion
ibmurbancode_deploy
6.0
ibmurbancode_deploy
6.0.1
ibmurbancode_deploy
6.0.1.1
ibmurbancode_deploy
6.0.1.2
ibmurbancode_deploy
6.0.1.3
ibmurbancode_deploy
6.0.1.4
ibmurbancode_deploy
6.0.1.5
ibmurbancode_deploy
6.0.1.6
ibmurbancode_deploy
6.0.1.7
ibmurbancode_deploy
6.0.1.8
ibmurbancode_deploy
6.0.1.9
ibmurbancode_deploy
6.0.1.10
ibmurbancode_deploy
6.0.1.11
ibmurbancode_deploy
6.0.1.12
ibmurbancode_deploy
6.0.1.13
ibmurbancode_deploy
6.0.1.14
ibmurbancode_deploy
6.1
ibmurbancode_deploy
6.1.0.1
ibmurbancode_deploy
6.1.0.2
ibmurbancode_deploy
6.1.0.3
ibmurbancode_deploy
6.1.0.4
ibmurbancode_deploy
6.1.1
ibmurbancode_deploy
6.1.1.1
ibmurbancode_deploy
6.1.1.2
ibmurbancode_deploy
6.1.1.3
ibmurbancode_deploy
6.1.1.4
ibmurbancode_deploy
6.1.1.5
ibmurbancode_deploy
6.1.1.6
ibmurbancode_deploy
6.1.1.7
ibmurbancode_deploy
6.1.1.8
ibmurbancode_deploy
6.1.2
ibmurbancode_deploy
6.1.3
ibmurbancode_deploy
6.1.3.1
ibmurbancode_deploy
6.1.3.2
ibmurbancode_deploy
6.1.3.3
ibmurbancode_deploy
6.2.0.0
ibmurbancode_deploy
6.2.0.1
ibmurbancode_deploy
6.2.0.2
ibmurbancode_deploy
6.2.1
ibmurbancode_deploy
6.2.1.1
ibmurbancode_deploy
6.2.2
ibmurbancode_deploy
6.2.2.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.ibm.com/support/docview.wss?uid=swg2C1000237
http://www.securityfocus.com/bid/95289
http://www.ibm.com/support/docview.wss?uid=swg2C1000237
http://www.securityfocus.com/bid/95289