What is the severity of CVE-2024-28781?

CVE-2024-28781 has been classified as a medium severity vulnerability due to its potential for cross-site scripting attacks.

How do I fix CVE-2024-28781?

To fix CVE-2024-28781, upgrade IBM UrbanCode Deploy to version 7.0.5.21 or later, 7.1.2.17 or later, 7.2.3.10 or later, 7.3.2.5 or later, or any version beyond 8.0.0.1.

Which versions are affected by CVE-2024-28781?

CVE-2024-28781 affects IBM UrbanCode Deploy versions 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4, and 8.0 through 8.0.0.1.

What impacts does CVE-2024-28781 have on users?

CVE-2024-28781 allows attackers to embed arbitrary JavaScript code in the Web UI, potentially leading to data manipulation and unauthorized actions.

Is it necessary to apply the security patch for CVE-2024-28781 immediately?

Yes, it is recommended to apply the patch for CVE-2024-28781 as soon as possible to protect against cross-site scripting vulnerabilities.

Vulnerability/
CVE-2024-28781

medium

5.4

CWE

9/5/2024

10/5/2024

27/1/2025

CVE-2024-28781: IBM UrbanCode Deploy cross-site scripting

First published: Thu May 09 2024(Updated: )

IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4, and 8.0 through 8.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285654.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM UrbanCode Deploy	<=7.0 - 7.0.5.20
IBM UrbanCode Deploy	<=7.1 - 7.1.2.16
IBM UrbanCode Deploy	<=7.2 - 7.2.3.9
IBM UrbanCode Deploy	<=7.3 - 7.3.2.4
IBM UrbanCode Deploy	<=8.0 - 8.0.0.1
IBM UrbanCode Deploy	>=8.0.0.0<8.0.1.0
IBM UrbanCode	>=7.0.0.0<7.0.5.21
IBM UrbanCode	>=7.1.0.0<7.1.2.17
IBM UrbanCode	>=7.2.0.0<7.2.3.10
IBM UrbanCode	>=7.3.0.0<7.3.2.5

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-7150747

Frequently Asked Questions

What is the severity of CVE-2024-28781?
CVE-2024-28781 has been classified as a medium severity vulnerability due to its potential for cross-site scripting attacks.
How do I fix CVE-2024-28781?
To fix CVE-2024-28781, upgrade IBM UrbanCode Deploy to version 7.0.5.21 or later, 7.1.2.17 or later, 7.2.3.10 or later, 7.3.2.5 or later, or any version beyond 8.0.0.1.
Which versions are affected by CVE-2024-28781?
CVE-2024-28781 affects IBM UrbanCode Deploy versions 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4, and 8.0 through 8.0.0.1.
What impacts does CVE-2024-28781 have on users?
CVE-2024-28781 allows attackers to embed arbitrary JavaScript code in the Web UI, potentially leading to data manipulation and unauthorized actions.
Is it necessary to apply the security patch for CVE-2024-28781 immediately?
Yes, it is recommended to apply the patch for CVE-2024-28781 as soon as possible to protect against cross-site scripting vulnerabilities.

agent/weakness
agent/title
agent/references
agent/type
agent/description
agent/first-publish-date
agent/severity
agent/author
agent/event
collector/mitre-cve
source/MITRE
agent/trending
agent/source
agent/last-modified-date
collector/ibm-support
source/IBM
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
collector/nvd-api
source/NVD
vendor/ibm
canonical/ibm urbancode deploy
version/ibm urbancode deploy/7.0 - 7.0.5.20
version/ibm urbancode deploy/7.1 - 7.1.2.16
version/ibm urbancode deploy/7.2 - 7.2.3.9
version/ibm urbancode deploy/7.3 - 7.3.2.4
version/ibm urbancode deploy/8.0 - 8.0.0.1
version/ibm urbancode deploy/8.0.0.0
canonical/ibm urbancode
version/ibm urbancode/7.0.0.0
version/ibm urbancode/7.1.0.0
version/ibm urbancode/7.2.0.0
version/ibm urbancode/7.3.0.0