Old versions of UrbanCode Deploy web agents can allow unauthorized property modification of other agents.
CVEID: CVE-2018-1995 Details:
An authenticated agent can modify another agent’s properties using a specially crafted request.
Consequences:
Agent properties can be modified.
Remedy:
Upgrade all Web Agents to 7.0.1.2 or later, or use JMS communication instead.
All Web communication agents of IBM UrbanCode Deploy with versions 6.2.7.3 -6.2.7.4, and 7.0-7.0.1.1 are affected.
Agents using JMS communication are not affected.
Upgrade agents to IBM UrbanCode Deploy 7.0.1.2 or later.
Alternatively, switch agents to JMS communication while waiting to upgrade.
Switch agents from Web communication to JMS until upgrading is possible.