Previous releases of IBM UrbanCode Deploy are affected by multiple vulnerabilities in Apache Tomcat.
CVEID: CVE-2018-11784 DESCRIPTION: Apache Tomcat could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in the default servlet. An attacker could exploit this vulnerability using a specially-crafted URL to redirect a victim to arbitrary Web sites.
CVSS Base Score: 7.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/150860> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N)
All fixpacks of IBM UrbanCode Deploy 6.1 - 6.1.3.8, IBM UrbanCode Deploy 6.2 - 6.2.7.3, and IBM UrbanCode Deploy 7.0-7.0.1.1 are affected.
Upgrade to IBM UrbanCode Deploy 7.0.1.2 or later. If it is not possible to upgrade to 7.0.1.2, upgrade to IBM UrbanCode Deploy 6.2.7.4 or IBM UrbanCode Deploy 6.1.3.9 .
None