CVE-2024-54176: IBM UrbanCode Deploy missing authentication
First published: Fri Feb 07 2025(Updated: )
IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM DevOps Deploy | >=8.0<=8.0.1.4>=8.1<8.1.0.0 | |
| IBM UrbanCode Deploy | >=7.0<=7.0.5.25>=7.1<=7.1.2.21>=7.2<=7.2.3.14>=7.3<7.3.2 | |
| IBM UCD - IBM UrbanCode Deploy | <=7.0 - 7.0.5.25 | |
| IBM UCD - IBM UrbanCode Deploy | <=7.1 - 7.1.2.21 | |
| IBM UCD - IBM UrbanCode Deploy | <=7.2 - 7.2.3.14 | |
| IBM UCD - IBM UrbanCode Deploy | <=7.3 - 7.3.2.9 | |
| IBM UCD - IBM DevOps Deploy | <=8.0 - 8.0.1.4 | |
| IBM UCD - IBM DevOps Deploy | <=8.1 - 8.1.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability associated with CVE-2024-54176?
CVE-2024-54176 allows an authenticated user to obtain sensitive information about other users due to missing authorization in IBM DevOps Deploy and IBM UrbanCode Deploy.
Which versions of IBM software are affected by CVE-2024-54176?
CVE-2024-54176 affects IBM DevOps Deploy versions 8.0 to 8.0.1.4 and 8.1 to 8.1.0.0, as well as IBM UrbanCode Deploy versions 7.0 through 7.3.2.
What might an attacker gain access to due to CVE-2024-54176?
An attacker could potentially gain access to sensitive information regarding other users on the system using CVE-2024-54176.
How can I mitigate the risks associated with CVE-2024-54176?
To mitigate CVE-2024-54176, ensure that users have proper authorization controls in place and apply the recommended patches from IBM.
Is there a patch available for CVE-2024-54176?
Yes, IBM has provided patches to address the issues related to CVE-2024-54176, which should be applied promptly to affected systems.
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/title
- agent/references
- agent/type
- agent/guess-ai
- agent/software-canonical-lookup
- collector/ibm-support
- source/IBM
- agent/softwarecombine
- agent/first-publish-date
- agent/description
- collector/nvd-api
- source/NVD
- agent/severity
- agent/last-modified-date
- agent/source
- agent/author
- agent/tags
- agent/event
- vendor/ibm
- canonical/ibm devops deploy
- canonical/ibm urbancode deploy
- canonical/ibm ucd - ibm urbancode deploy
- version/ibm ucd - ibm urbancode deploy/7.0 - 7.0.5.25
- version/ibm ucd - ibm urbancode deploy/7.1 - 7.1.2.21
- version/ibm ucd - ibm urbancode deploy/7.2 - 7.2.3.14
- version/ibm ucd - ibm urbancode deploy/7.3 - 7.3.2.9
- canonical/ibm ucd - ibm devops deploy
- version/ibm ucd - ibm devops deploy/8.0 - 8.0.1.4
- version/ibm ucd - ibm devops deploy/8.1 - 8.1.0.0