Resource exhaustion in IBM UrbanCode Deploy (UCD)
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2023-42012 |
| CWE-ID | CWE-400 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
UCD - IBM UrbanCode Deploy Server applications / Other server solutions |
| Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Resource exhaustion
EUVDB-ID: #VU85330
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-42012
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability occurs when IBM UrbanCode Deploy Agent installed as a Windows service in a non-standard location. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsUCD - IBM UrbanCode Deploy: 7.2.0.0 - 7.3.2.2
CPE2.3- cpe:2.3:a:ibm_corporation:ucd_-_ibm_urbancode_deploy:7.2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ucd_-_ibm_urbancode_deploy:7.2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ucd_-_ibm_urbancode_deploy:7.2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ucd_-_ibm_urbancode_deploy:7.2.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ucd_-_ibm_urbancode_deploy:7.3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ucd_-_ibm_urbancode_deploy:7.3.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ucd_-_ibm_urbancode_deploy:7.3.2.2:*:*:*:*:*:*:*
http://www.ibm.com/support/pages/node/7096548
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
