VYPR
← All advisories
Medium severity4.3NVD Advisory· Published Jul 1, 2016· Updated May 6, 2026

CVE-2016-0364

CVE-2016-0364

Description

IBM UrbanCode Deploy fails to obfuscate secure properties containing special characters in step output logs, allowing authenticated users to read sensitive values.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

IBM UrbanCode Deploy fails to obfuscate secure properties containing special characters in step output logs, allowing authenticated users to read sensitive values.

Vulnerability

IBM UrbanCode Deploy versions 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 do not properly implement the logging-obfuscation feature for secure properties. When a secure property contains certain special characters, the property value is not obfuscated in the step output logs of steps that use that property [1].

Exploitation

An attacker must be an authenticated user with permissions to modify a property on the server. The attacker then creates or modifies a secure property to include special characters that trigger the obfuscation failure. When a step that uses this property runs, the property value is written in plaintext to the step output logs, which the attacker can access [1].

Impact

Successful exploitation allows the attacker to read the plaintext value of secure properties from the step output logs, leading to disclosure of sensitive information. The confidentiality impact is limited to the properties that are not properly obfuscated [1].

Mitigation

IBM has released fixes in versions 6.0.1.13, 6.1.3.3, and 6.2.1.1. Users should upgrade to these or later versions. No workaround is available [1].

References
  1. Security Bulletin: Properties with special characters in IBM UrbanCode Deploy might not be obfuscated correctly (CVE-2016-0364)

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

37
  • IBM/Urbancode Deploy37 versions
    cpe:2.3:a:ibm:urbancode_deploy:6.0:*:*:*:*:*:*:*+ 36 more
    • cpe:2.3:a:ibm:urbancode_deploy:6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:urbancode_deploy:6.0.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:urbancode_deploy:6.0.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:urbancode_deploy:6.0.1.10:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:urbancode_deploy:6.0.1.11:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:urbancode_deploy:6.0.1.12:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:urbancode_deploy:6.0.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:urbancode_deploy:6.0.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:urbancode_deploy:6.0.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:urbancode_deploy:6.0.1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:urbancode_deploy:6.0.1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:urbancode_deploy:6.0.1.7:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:urbancode_deploy:6.0.1.8:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:urbancode_deploy:6.0.1.9:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:urbancode_deploy:6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:urbancode_deploy:6.1.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:urbancode_deploy:6.1.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:urbancode_deploy:6.1.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:urbancode_deploy:6.1.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:urbancode_deploy:6.1.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:urbancode_deploy:6.1.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:urbancode_deploy:6.1.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:urbancode_deploy:6.1.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:urbancode_deploy:6.1.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:urbancode_deploy:6.1.1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:urbancode_deploy:6.1.1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:urbancode_deploy:6.1.1.7:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:urbancode_deploy:6.1.1.8:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:urbancode_deploy:6.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:urbancode_deploy:6.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:urbancode_deploy:6.1.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:urbancode_deploy:6.1.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:urbancode_deploy:6.2.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:urbancode_deploy:6.2.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:urbancode_deploy:6.2.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:urbancode_deploy:6.2.1:*:*:*:*:*:*:*
    • (no CPE)range: 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.