{"api_version":"1","generated_at":"2026-05-05T02:23:52+00:00","cve":"CVE-2022-35716","urls":{"html":"https://cve.report/CVE-2022-35716","api":"https://cve.report/api/cve/CVE-2022-35716.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-35716","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-35716"},"summary":{"title":"CVE-2022-35716","description":"IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.16, 7.0.0.0 through 7.0.5.11, 7.1.0.0 through 7.1.2.7, and 7.2.0.0 through 7.2.3.0 could allow an authenticated user to obtain sensitive information in some instances due to improper security checking. IBM X-Force ID: 231360.","state":"PUBLIC","assigner":"psirt@us.ibm.com","published_at":"2022-08-01 11:15:00","updated_at":"2023-08-08 14:22:00"},"problem_types":["CWE-863"],"metrics":[],"references":[{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/231360","name":"ibm-ucd-cve202235716-info-disc (231360)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.ibm.com/support/pages/node/6608584","name":"https://www.ibm.com/support/pages/node/6608584","refsource":"CONFIRM","tags":[],"title":"Security Bulletin: Urbancode Deploy is vulnerable to incorrect authorization reading Component Processes ( CVE-2022-35716 )","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-35716","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-35716","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"35716","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"urbancode_deploy","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"references":{"reference_data":[{"title":"IBM Security Bulletin 6608584 (UrbanCode Deploy)","url":"https://www.ibm.com/support/pages/node/6608584","name":"https://www.ibm.com/support/pages/node/6608584","refsource":"CONFIRM"},{"title":"X-Force Vulnerability Report","refsource":"XF","name":"ibm-ucd-cve202235716-info-disc (231360)","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/231360"}]},"description":{"description_data":[{"value":"IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.16, 7.0.0.0 through 7.0.5.11, 7.1.0.0 through 7.1.2.7, and 7.2.0.0 through 7.2.3.0 could allow an authenticated user to obtain sensitive information in some instances due to improper security checking. IBM X-Force ID: 231360.","lang":"eng"}]},"CVE_data_meta":{"ID":"CVE-2022-35716","DATE_PUBLIC":"2022-07-29T00:00:00","STATE":"PUBLIC","ASSIGNER":"psirt@us.ibm.com"},"data_version":"4.0","problemtype":{"problemtype_data":[{"description":[{"value":"Obtain Information","lang":"eng"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"IBM","product":{"product_data":[{"product_name":"UrbanCode Deploy","version":{"version_data":[{"version_value":"7.0.0.0"},{"version_value":"7.1.0.0"},{"version_value":"7.2.0.0"},{"version_value":"6.2.0.0"},{"version_value":"6.2.7.16"},{"version_value":"7.0.5.11"},{"version_value":"7.1.2.7"},{"version_value":"7.2.3.0"}]}}]}}]}},"data_format":"MITRE","impact":{"cvssv3":{"TM":{"RC":"C","RL":"O","E":"U"},"BM":{"PR":"L","UI":"N","I":"N","SCORE":"5.300","AV":"N","C":"H","AC":"H","S":"U","A":"N"}}},"data_type":"CVE"},"nvd":{"publishedDate":"2022-08-01 11:15:00","lastModifiedDate":"2023-08-08 14:22:00","problem_types":["CWE-863"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*","versionStartIncluding":"7.2.0.0","versionEndExcluding":"7.2.3.1","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*","versionStartIncluding":"7.1.0.0","versionEndExcluding":"7.1.2.8","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0.0","versionEndExcluding":"7.0.5.12","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2.0.0","versionEndExcluding":"6.2.7.17","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}