CVE-2024-54176

Summary

IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 and IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14 and 7.3 through 7.3.2 could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function.

Affected Software

VendorProductVersion RangeStatus
IBMUrbanCode Deploy7.0 <= 7.0.5.25affected
IBMUrbanCode Deploy7.1 <= 7.1.2.21affected
IBMUrbanCode Deploy7.2 <= 7.2.3.14affected
IBMUrbanCode Deploy7.3 <= 7.3.2.9affected
IBMDevOps Deploy8.0 <= 8.0.1.4affected
IBMDevOps Deploy8.1 <= 8.1.0.0affected

Weaknesses

  • CWE-306: CWE-306 Missing Authentication for Critical Function

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References