CVE-2024-45091

Published: Jan 21, 2025Modified: Jan 29, 2025

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.24, 7.1 through 7.1.2.10, and 7.2 through 7.2.3.13 stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs.

Affected (3)

Products: Ibm: Urbancode Deploy

Ibm

1 product

Urbancode Deploy

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Ibm Urbancode Deploy	From 7.0.0.0 to 7.0.5.25
Ibm Urbancode Deploy	From 7.1.0.0 to 7.1.2.21
Ibm Urbancode Deploy	From 7.2.0.0 to 7.2.3.14

Related CWEs

CWE-532

Insertion of Sensitive Information into Log File

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References (1)

https://www.ibm.com/support/pages/node/7177857

Source: psirt@us.ibm.com

Vendor Advisory

Timeline

No history available yet.