#VU85330 Resource exhaustion in UCD - IBM UrbanCode Deploy - CVE-2023-42012

Cybersecurity Help s.r.o.

Published: 2024-01-12

Vulnerability identifier: #VU85330

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-42012

CWE-ID: CWE-400

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
UCD - IBM UrbanCode Deploy
Server applications / Other server solutions

Vendor: IBM Corporation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability occurs when IBM UrbanCode Deploy Agent installed as a Windows service in a non-standard location. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

UCD - IBM UrbanCode Deploy: 7.2.0.0 - 7.2.0.2, 7.2.1.0 - 7.2.1.2, 7.2.2.1, 7.2.3.0 - 7.2.3.7, 7.3.0.0 - 7.3.0.1, 7.3.1.0, 7.3.2.0 - 7.3.2.2

External links
https://www.ibm.com/support/pages/node/7096548
https://exchange.xforce.ibmcloud.com/vulnerabilities/265509

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Resource exhaustion in IBM UrbanCode Deploy (UCD)