← Back

CVE-2024-22358

nvd nist
Published: Apr 12, 2024Modified: Jan 29, 2025

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 280896.

Affected (5)

Ibm
2 products
Devops Deploy
Urbancode Deploy
Configuration A
5 vulnerable
Vulnerable SoftwareAffected Versions
Devops Deploy
From 8.0.0.0 to 8.0.1.0
Ibm
Urbancode Deploy
From 7.0.0.0 to 7.0.5.21
Urbancode Deploy
From 7.1.0.0 to 7.1.2.17
Urbancode Deploy
From 7.2.0.0 to 7.2.3.10
Urbancode Deploy
From 7.3.0.0 to 7.3.2.5

Related CWEs

CWE-613
Insufficient Session Expiration
According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."

References (4)

Source: psirt@us.ibm.com
VDB Entry
Source: psirt@us.ibm.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
VDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.