What is the severity of CVE-2024-22359?

CVE-2024-22359 is classified as a cross-site scripting vulnerability, which can lead to unauthorized actions or data exposure.

How do I fix CVE-2024-22359?

To fix CVE-2024-22359, upgrade IBM UrbanCode Deploy to a version later than 7.0.5.20, 7.1.2.16, 7.2.3.9, 7.3.2.4, or IBM DevOps Deploy to a version greater than 8.0.0.1.

Who is affected by CVE-2024-22359?

CVE-2024-22359 affects users of IBM UrbanCode Deploy versions 7.0 to 7.3 and IBM DevOps Deploy version 8.0 up to 8.0.0.1.

What kind of exploit is possible with CVE-2024-22359?

An attacker can exploit CVE-2024-22359 to execute arbitrary JavaScript code in the user's browser via the affected web UI.

When was CVE-2024-22359 reported?

CVE-2024-22359 was reported in 2024, highlighting a vulnerability found in multiple versions of IBM UrbanCode Deploy and IBM DevOps Deploy.

Vulnerability/
CVE-2024-22359

medium

6.1

CWE

11/4/2024

12/4/2024

29/1/2025

CVE-2024-22359: IBM UrbanCode Deploy cross-site scripting

First published: Thu Apr 11 2024(Updated: )

IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 280897.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM UrbanCode Deploy	>=8.0.0.0<8.0.1.0
IBM UrbanCode Deploy	>=7.0.0.0<7.0.5.21
IBM UrbanCode Deploy	>=7.1.0.0<7.1.2.17
IBM UrbanCode Deploy	>=7.2.0.0<7.2.3.10
IBM UrbanCode Deploy	>=7.3.0.0<7.3.2.5
IBM UrbanCode Deploy	<=7.0 - 7.0.5.20
IBM UrbanCode Deploy	<=7.1 - 7.1.2.16
IBM UrbanCode Deploy	<=7.2 - 7.2.3.9
IBM UrbanCode Deploy	<=7.3 - 7.3.2.4
IBM UrbanCode Deploy	<=8.0 - 8.0.0.1

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-7148111

Frequently Asked Questions

What is the severity of CVE-2024-22359?
CVE-2024-22359 is classified as a cross-site scripting vulnerability, which can lead to unauthorized actions or data exposure.
How do I fix CVE-2024-22359?
To fix CVE-2024-22359, upgrade IBM UrbanCode Deploy to a version later than 7.0.5.20, 7.1.2.16, 7.2.3.9, 7.3.2.4, or IBM DevOps Deploy to a version greater than 8.0.0.1.
Who is affected by CVE-2024-22359?
CVE-2024-22359 affects users of IBM UrbanCode Deploy versions 7.0 to 7.3 and IBM DevOps Deploy version 8.0 up to 8.0.0.1.
What kind of exploit is possible with CVE-2024-22359?
An attacker can exploit CVE-2024-22359 to execute arbitrary JavaScript code in the user's browser via the affected web UI.
When was CVE-2024-22359 reported?
CVE-2024-22359 was reported in 2024, highlighting a vulnerability found in multiple versions of IBM UrbanCode Deploy and IBM DevOps Deploy.

agent/weakness
agent/references
agent/title
agent/type
agent/description
agent/first-publish-date
agent/author
agent/severity
collector/mitre-cve
source/MITRE
agent/trending
agent/source
agent/last-modified-date
agent/event
agent/tags
agent/softwarecombine
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/ibm-support
source/IBM
vendor/ibm
canonical/ibm urbancode deploy
version/ibm urbancode deploy/8.0.0.0
version/ibm urbancode deploy/7.0.0.0
version/ibm urbancode deploy/7.1.0.0
version/ibm urbancode deploy/7.2.0.0
version/ibm urbancode deploy/7.3.0.0
version/ibm urbancode deploy/7.0 - 7.0.5.20
version/ibm urbancode deploy/7.1 - 7.1.2.16
version/ibm urbancode deploy/7.2 - 7.2.3.9
version/ibm urbancode deploy/7.3 - 7.3.2.4
version/ibm urbancode deploy/8.0 - 8.0.0.1