CVE-2017-1149

IBM UrbanCode Deploy (UCD) 6.0, 6.1, and 6.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM X-Force ID: 122202.

Published: Apr 25, 2017
Updated: Nov 9, 2025
CVE: CVE-2017-1149
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:S/C:P/I:N/A:C

CWEs:

CWE-611

OWASP TOP 10:

A4 - XML External Entities (XXE)

Affected Software
References

Software	From	Fixed in
ibm / urbancode_deploy	6.1.1.2	6.1.1.2.x
ibm / urbancode_deploy	6.2.0.0	6.2.0.0.x
ibm / urbancode_deploy	6.0.1.8	6.0.1.8.x
ibm / urbancode_deploy	6.2.0.2	6.2.0.2.x
ibm / urbancode_deploy	6.1.0.4	6.1.0.4.x
ibm / urbancode_deploy	6.0.1.9	6.0.1.9.x
ibm / urbancode_deploy	6.0.1.1	6.0.1.1.x
ibm / urbancode_deploy	6.0.1.11	6.0.1.11.x
ibm / urbancode_deploy	6.0.1.7	6.0.1.7.x
ibm / urbancode_deploy	6.0.1.3	6.0.1.3.x
ibm / urbancode_deploy	6.0.1.6	6.0.1.6.x
ibm / urbancode_deploy	6.2.0.201	6.2.0.201.x
ibm / urbancode_deploy	6.1.1.1	6.1.1.1.x
ibm / urbancode_deploy	6.1.3.1	6.1.3.1.x
ibm / urbancode_deploy	6.1.1.5	6.1.1.5.x
ibm / urbancode_deploy	6.1.3	6.1.3.x
ibm / urbancode_deploy	6.2.1.1	6.2.1.1.x
ibm / urbancode_deploy	6.0.1.4	6.0.1.4.x
ibm / urbancode_deploy	6.1.1.8	6.1.1.8.x
ibm / urbancode_deploy	6.1.1.6	6.1.1.6.x
ibm / urbancode_deploy	6.2.0.1	6.2.0.1.x
ibm / urbancode_deploy	6.0.1.10	6.0.1.10.x
ibm / urbancode_deploy	6.0.1.0	6.0.1.0.x
ibm / urbancode_deploy	6.1.1.0	6.1.1.0.x
ibm / urbancode_deploy	6.1.0.1	6.1.0.1.x
ibm / urbancode_deploy	6.0.1.13	6.0.1.13.x
ibm / urbancode_deploy	6.2.1	6.2.1.x
ibm / urbancode_deploy	6.1.1.7	6.1.1.7.x
ibm / urbancode_deploy	6.1.1.3	6.1.1.3.x
ibm / urbancode_deploy	6.0	6.0.x
ibm / urbancode_deploy	6.1.3.2	6.1.3.2.x
ibm / urbancode_deploy	6.0.1.5	6.0.1.5.x
ibm / urbancode_deploy	6.1.0.3	6.1.0.3.x
ibm / urbancode_deploy	6.0.1.2	6.0.1.2.x
ibm / urbancode_deploy	6.1.2	6.1.2.x
ibm / urbancode_deploy	6.1.1.4	6.1.1.4.x
ibm / urbancode_deploy	6.0.1.12	6.0.1.12.x
ibm / urbancode_deploy	6.1	6.1.x

Vulnerability Database

314,373

CVE-2017-1149

Deep Security Visibility Without the Complexity