
Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to an incomplete revocation of permissions vulnerability (CVE-2024-22334)

2024-04-11 19:04:16
www.ibm.com

CVSS3: 4.4 Medium
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N

AI Score: 6.8 Medium (Confidence: High)
EPSS: 0.0004 Low (Percentile: 9.1%)

Summary

IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type. When deleting a custom security type, associated permissions of objects using that type may not be fully revoked. This could lead to incorrect reporting of permission configuration and unexpected privileges being retained.

Vulnerability Details

CVEID: CVE-2024-22334
**DESCRIPTION:** IBM UrbanCode Deploy (UCD) could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type. When deleting a custom security type, associated permissions of objects using that type may not be fully revoked. This could lead to incorrect reporting of permission configuration and unexpected privileges being retained.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/279974 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N)

Affected Products and Versions

| Affected Product(s) | Version(s) |
|---|---|
| UCD - IBM UrbanCode Deploy | 7.0 - 7.0.5.20 |
| UCD - IBM UrbanCode Deploy | 7.1 - 7.1.2.16 |
| UCD - IBM UrbanCode Deploy | 7.2 - 7.2.3.9 |
| UCD - IBM UrbanCode Deploy | 7.3 - 7.3.2.4 |
| UCD - IBM DevOps Deploy | 8.0 - 8.0.0.1 |

Remediation/Fixes

IBM strongly suggests the following:

Upgrade affected versions to any of 7.0.5.21, 7.1.2.17, 7.2.3.10, 7.3.2.5, or 8.0.1.0 or later
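
To check a server inventory against the affected ranges and fixed releases listed above, the following added example (not part of the IBM bulletin and not IBM code) compares versions numerically per release branch, so that 7.2.3.10 sorts after 7.2.3.9. The host names are hypothetical, and treating branches newer than 8.0 as fixed is an assumption based on the bulletin's "8.0.1.0 or later".

```python
import re

# Per release branch: (last affected version, first fixed version), as listed in the bulletin.
RANGES = {
    (7, 0): ("7.0.5.20", "7.0.5.21"),
    (7, 1): ("7.1.2.16", "7.1.2.17"),
    (7, 2): ("7.2.3.9", "7.2.3.10"),
    (7, 3): ("7.3.2.4", "7.3.2.5"),
    (8, 0): ("8.0.0.1", "8.0.1.0"),
}
NEWEST_FIX = "8.0.1.0"  # the bulletin says "8.0.1.0 or later"


def parse(version):
    """Turn '7.2.3.9' into (7, 2, 3, 9); short forms such as '7.3' are zero-padded."""
    text = version.strip()
    if not re.fullmatch(r"\d+(\.\d+){1,3}", text):
        raise ValueError(f"unrecognised version string: {version!r}")
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def classify(version):
    """Return 'affected', 'fixed' or 'not-listed' for one server version."""
    v = parse(version)
    entry = RANGES.get(v[:2])
    if entry is None:
        # Assumption: branches newer than 8.0 count as "8.0.1.0 or later".
        return "fixed" if v >= parse(NEWEST_FIX) else "not-listed"
    last_affected, first_fixed = parse(entry[0]), parse(entry[1])
    if v <= last_affected:
        return "affected"
    if v >= first_fixed:
        return "fixed"
    return "not-listed"  # e.g. 8.0.0.2: between the two values the bulletin gives


def audit(inventory):
    """Map each host in {host: version} to its status."""
    return {host: classify(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hypothetical host names).
SAMPLE = {"ucd-prod": "7.2.3.9", "ucd-stage": "7.3.2.5", "ucd-lab": "8.0.0.1", "ucd-old": "6.2.7.0"}

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {SAMPLE[host]} -> {status}")
```

A "not-listed" result means the bulletin gives no statement for that version, so it needs a manual check rather than being read as safe.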

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibm urbancode_deploy Match 8.0.1.0

| CPE Name | Operator | Version |
|---|---|---|
| ibm urbancode deploy | eq | 8.0.1.0 |
