CVE-2024-54176

Published: Feb 8, 2025Modified: Aug 15, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 and IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14 and 7.3 through 7.3.2 could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function.

Affected (6)

Products: Ibm: Devops Deploy, Urbancode Deploy

Ibm

2 products

Devops Deploy

Urbancode Deploy

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Ibm Devops Deploy	From 8.0.0.0 to 8.0.1.5
Ibm Devops Deploy	Version 8.1.0.0
Ibm Urbancode Deploy	From 7.0.0.0 to 7.0.5.26
Ibm Urbancode Deploy	From 7.1.0.0 to 7.1.2.22
Ibm Urbancode Deploy	From 7.2.0.0 to 7.2.3.15
Ibm Urbancode Deploy	From 7.3.0.0 to 7.3.2.10

Related CWEs

CWE-306

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (1)

https://www.ibm.com/support/pages/node/7182840

Source: psirt@us.ibm.com

Vendor Advisory

Timeline

No history available yet.