CVE-2024-22358
6.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Summary
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 280896.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| IBM | UrbanCode Deploy | 7.0 <= 7.0.5.20 | affected |
| IBM | UrbanCode Deploy | 7.1 <= 7.1.2.16 | affected |
| IBM | UrbanCode Deploy | 7.2 <= 7.2.3.9 | affected |
| IBM | UrbanCode Deploy | 7.3 <= 7.3.2.4 | affected |
| IBM | DevOps Deploy | 8.0 <= 8.0.0.1 | affected |
Weaknesses
- CWE-613: CWE-613 Insufficient Session Expiration
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://www.ibm.com/support/pages/node/7148109
- https://exchange.xforce.ibmcloud.com/vulnerabilities/280896
References
- https://www.ibm.com/support/pages/node/7148109
- https://exchange.xforce.ibmcloud.com/vulnerabilities/280896
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.