EUVD-2024-19910

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

IBM DevOps Velocity 5.0.0 and UrbanCode Velocity 4.0.0-4.0.25 allow local page access by users.

Reporter	Title	Published	Views	Family All 11
IBM Security Bulletins	Security Bulletin: IBM DevOps Velocity is vulnerable due to multiple misconfigurations	9 Oct 202422:27	–	ibm
BDU FSTEC	The vulnerability of the IBM DevOps Velocity lifecycle management platform (formerly known as IBM UrbanCode Velocity) relates to the disclosure of information through browser caching, allowing an intruder to gain unauthorized access to protected information.	23 Jan 202500:00	–	bdu_fstec
Circl	CVE-2024-22349	20 Jan 202518:01	–	circl
CNNVD	IBM DevOps Velocity和IBM UrbanCode Velocity 安全漏洞	20 Jan 202500:00	–	cnnvd
CVE	CVE-2024-22349	20 Jan 202517:42	–	cve
Cvelist	CVE-2024-22349 IBM UrbanCode Velocity information disclosure	20 Jan 202517:42	–	cvelist
NVD	CVE-2024-22349	20 Jan 202518:15	–	nvd
OSV	CVE-2024-22349	20 Jan 202518:15	–	osv
Positive Technologies	PT-2024-10237 · Ibm · Ibm Devops Velocity +1	9 Jan 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-22349	23 May 202507:33	–	redhatcve

[
  {
    "enisaIdVendor": [
      {
        "id": "e82f7561-f387-3ca3-9a23-226965a03a06",
        "vendor": {
          "name": "IBM"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "0cccd442-b172-3684-aaf6-fc6c893a3105",
        "product": {
          "name": "DevOps Velocity"
        },
        "product_version": "5.0.0"
      },
      {
        "id": "60598a95-f972-35cc-83b1-e51e68543711",
        "product": {
          "name": "UrbanCode Velocity"
        },
        "product_version": "4.0.0 ≤4.0.25"
      }
    ]
  }
]

Source	Link
ibm	www.ibm.com/support/pages/node/7172750

03 Oct 2025 20:07Current

6.5Medium risk

Vulners AI Score6.5

CVSS 3.13.3 - 4

EPSS0.00017

SSVC