21 matches found
CVE-2025-31991 HCL DevOps Velocity is susceptible to brute-force attacks
Rate Limiting for attempting a user login is not being properly enforced, making HCL DevOps Velocity susceptible to brute-force attacks past the unsuccessful login attempt limit. This vulnerability is fixed in 5.1.7...
CVE-2025-31991 HCL DevOps Velocity is susceptible to brute-force attacks
Rate Limiting for attempting a user login is not being properly enforced, making HCL DevOps Velocity susceptible to brute-force attacks past the unsuccessful login attempt limit. This vulnerability is fixed in 5.1.7...
CVE-2025-31991
Rate Limiting for attempting a user login is not being properly enforced, making HCL DevOps Velocity susceptible to brute-force attacks past the unsuccessful login attempt limit. This vulnerability is fixed in 5.1.7...
CVE-2025-31991
The CVE-2025-31991 entries describe a brute-force risk in HCL DevOps Velocity caused by improper enforcement of login rate limiting. Affected software is HCL DevOps Velocity (no specific build details provided beyond the fixed version). The root cause is insufficient restrictions on successive lo...
HCL DevOps Velocity 安全漏洞
HCL DevOps Velocity is a pipeline orchestration and management tool used by HCL Company in India. Versions of HCL DevOps Velocity prior to 5.1.7 contained security vulnerabilities. These vulnerabilities were due to improper implementation of rate-limiting mechanisms for login attempts, which coul...
PT-2026-32380
Rate Limiting for attempting a user login is not being properly enforced, making HCL DevOps Velocity susceptible to brute-force attacks past the unsuccessful login attempt limit. This vulnerability is fixed in 5.1.7...
EUVD-2024-19910
Malicious code in bioql PyPI...
CVE-2024-22348
IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 uses Cross-Origin Resource Sharing CORS which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains...
CVE-2024-22347
IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...
CVE-2024-22349
IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 allows web pages to be stored locally which can be read by another user on the system...
CVE-2024-22348
IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 uses Cross-Origin Resource Sharing CORS which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains...
CVE-2024-22347
IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...
CVE-2024-22349
IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 allows web pages to be stored locally which can be read by another user on the system...
CVE-2024-22349 IBM UrbanCode Velocity information disclosure
IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 allows web pages to be stored locally which can be read by another user on the system...
IBM DevOps Velocity和IBM UrbanCode Velocity 安全漏洞
IBM DevOps Velocity and IBM UrbanCode Velocity are both products of International Business Machines IBM.IBM DevOps Velocity is an enterprise-class release management application that supports cloud-native and local deployments.IBM UrbanCode Velocity is an enterprise-class release management and...
IBM DevOps Velocity和IBM UrbanCode Velocity 安全漏洞
IBM DevOps Velocity and IBM UrbanCode Velocity are both products of International Business Machines IBM.IBM DevOps Velocity is an enterprise-class release management application that supports cloud-native and local deployments.IBM UrbanCode Velocity is an enterprise-class release management and...
IBM DevOps Velocity和IBM UrbanCode Velocity 加密问题漏洞
IBM DevOps Velocity and IBM UrbanCode Velocity are both products of International Business Machines IBM.IBM DevOps Velocity is an enterprise-class release management application that supports cloud-native and local deployments.IBM UrbanCode Velocity is an enterprise-class release management and...
Security Bulletin: IBM DevOps Velocity is vulnerable due to multiple misconfigurations
Summary Multiple vulnerabilities in IBM DevOps Velocity have been address in IBM DevOps Velocity version 5.0.1 Vulnerability Details CVEID:CVE-2024-22348 DESCRIPTION: IBM UCV - UrbanCode Velocity uses Cross-Origin Resource Sharing CORS which could allow an attacker to carry out privileged actions...
PT-2024-10239 · Ibm · Ibm Devops Velocity +1
Name of the Vulnerable Software and Affected Versions: IBM DevOps Velocity version 5.0.0 IBM UrbanCode Velocity versions 4.0.0 through 4.0.25 Description: The issue is related to the use of an untrusted cross-domain policy file, which could allow a remote attacker to gain unauthorized access to...
PT-2024-10238 · Ibm · Ibm Devops Velocity +1
Name of the Vulnerable Software and Affected Versions: IBM DevOps Velocity version 5.0.0 IBM UrbanCode Velocity versions 4.0.0 through 4.0.25 Description: The issue is related to the use of weaker than expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive...