Vulnerability Database

314,373

Total vulnerabilities in the database

CVE-2015-4964

IBM UrbanCode Deploy 6.0 and 6.0.1.x before 6.0.1.10, 6.1.1.x before 6.1.1.8, and 6.1.2 writes admin AUTH_TOKEN values to execution logs, which allows remote authenticated users to gain privileges by leveraging the ability to create and execute a process.

Published: Oct 6, 2015
Updated: Nov 9, 2025
CVE: CVE-2015-4964
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6
AV:N/AC:M/Au:S/C:P/I:P/A:P

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
ibm / urbancode_deploy	6.1.1.2	6.1.1.2.x
ibm / urbancode_deploy	6.0.1.8	6.0.1.8.x
ibm / urbancode_deploy	6.0.1.9	6.0.1.9.x
ibm / urbancode_deploy	6.0.1.1	6.0.1.1.x
ibm / urbancode_deploy	6.0.1.7	6.0.1.7.x
ibm / urbancode_deploy	6.0.1.3	6.0.1.3.x
ibm / urbancode_deploy	6.0.1.6	6.0.1.6.x
ibm / urbancode_deploy	6.1.1.1	6.1.1.1.x
ibm / urbancode_deploy	6.1.1.5	6.1.1.5.x
ibm / urbancode_deploy	6.0.1.4	6.0.1.4.x
ibm / urbancode_deploy	6.1.1.6	6.1.1.6.x
ibm / urbancode_deploy	6.0.1.0	6.0.1.0.x
ibm / urbancode_deploy	6.1.1.0	6.1.1.0.x
ibm / urbancode_deploy	6.1.1.7	6.1.1.7.x
ibm / urbancode_deploy	6.1.1.3	6.1.1.3.x
ibm / urbancode_deploy	6.0	6.0.x
ibm / urbancode_deploy	6.0.1.5	6.0.1.5.x
ibm / urbancode_deploy	6.0.1.2	6.0.1.2.x
ibm / urbancode_deploy	6.1.2	6.1.2.x
ibm / urbancode_deploy	6.1.1.4	6.1.1.4.x

http://www-01.ibm.com/support/docview.wss?uid=swg21964623

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo