CVE-2024-22334

IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type. When deleting a custom security type, associated permissions of objects using that type may not be fully revoked. This could lead to incorrect reporting of permission configuration and unexpected privileges being retained. IBM X-Force ID: 279974.

CVSS v3.0 4.4 MEDIUM

4.4^/10

CVSS v3.0 : MEDIUM

Vector :

Exploitability : 0.7 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/279974	VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/279974	VDB Entry
https://www.ibm.com/support/pages/node/7148112	Vendor Advisory
https://www.ibm.com/support/pages/node/7148112	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:urbancode_deploy::::::::
	cpe:2.3:a:ibm:urbancode_deploy::::::::
	cpe:2.3:a:ibm:urbancode_deploy::::::::
	cpe:2.3:a:ibm:devops_deploy::::::::

History

29 Jan 2025, 21:27

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 4.4
First Time		Ibm devops Deploy Ibm Ibm urbancode Deploy
CPE		cpe:2.3:a:ibm:urbancode_deploy:::::::: cpe:2.3:a:ibm:devops_deploy::::::::
CWE	~~CWE-732~~
References	~~() https://www.ibm.com/support/pages/node/7148112 -~~	() https://www.ibm.com/support/pages/node/7148112 - Vendor Advisory
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/279974 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/279974 - VDB Entry

12 Apr 2024, 17:17

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-04-12 17:17

Updated : 2025-01-29 21:27

NVD link : CVE-2024-22334

Mitre link : CVE-2024-22334

JSON object : View

Products Affected

ibm

devops_deploy
urbancode_deploy

CWE

No CWE.

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/279974", "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/279974", "tags": ["VDB Entry"], "refsource": ""}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/279974", "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/279974", "tags": ["VDB Entry"], "refsource": ""}, {"url": "https://www.ibm.com/support/pages/node/7148112", "name": "https://www.ibm.com/support/pages/node/7148112", "tags": ["Vendor Advisory"], "refsource": ""}, {"url": "https://www.ibm.com/support/pages/node/7148112", "name": "https://www.ibm.com/support/pages/node/7148112", "tags": ["Vendor Advisory"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type. When deleting a custom security type, associated permissions of objects using that type may not be fully revoked. This could lead to incorrect reporting of permission configuration and unexpected privileges being retained. IBM X-Force ID: 279974."}]}, "problemtype": {"problemtype_data": [{"description": []}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2024-22334", "ASSIGNER": "psirt@us.ibm.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 0.7}}, "publishedDate": "2024-04-12T17:17Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "7.0.5.21", "versionStartIncluding": "7.0.0.0"}, {"cpe23Uri": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "7.1.2.17", "versionStartIncluding": "7.1.0.0"}, {"cpe23Uri": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "7.2.3.10", "versionStartIncluding": "7.2.0.0"}, {"cpe23Uri": "cpe:2.3:a:ibm:devops_deploy:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "8.0.1.0", "versionStartIncluding": "8.0.0.0"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-01-29T21:27Z"}