What is the severity of CVE-2024-55904?

CVE-2024-55904 is rated as a critical severity vulnerability due to the potential for remote command execution by authenticated attackers.

How do I fix CVE-2024-55904?

To mitigate CVE-2024-55904, upgrade IBM DevOps Deploy or IBM UrbanCode Deploy to the latest patched versions provided by IBM.

Which versions are affected by CVE-2024-55904?

CVE-2024-55904 affects IBM DevOps Deploy versions 8.0 through 8.0.1.4 and 8.1 through 8.1.0.0, and IBM UrbanCode Deploy versions 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.9.

Can CVE-2024-55904 be exploited remotely?

Yes, CVE-2024-55904 can be exploited remotely by an authenticated attacker to execute arbitrary commands.

What should I do if I cannot upgrade to fix CVE-2024-55904?

If upgrading is not feasible, implement strict access controls and monitoring to limit the impact of CVE-2024-55904 until a patch can be applied.

Vulnerability/
CVE-2024-55904

high

7.2

CWE

14/2/2025

CVE-2024-55904: IBM DevOps Deploy / IBM UrbanCode Deploy command injection

First published: Fri Feb 14 2025(Updated: )

IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 / IBM UrbanCode Deploy 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.9 could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM UrbanCode Deploy	>=8.0<=8.0.1.4>=8.1<8.1.0.0
IBM UrbanCode	>=7.0<=7.0.5.25>=7.1<=7.1.2.21>=7.2<=7.2.3.14>=7.3<=7.3.2.9

Never miss a vulnerability like this again

Reference Links

https://www.ibm.com/support/pages/node/7182841

Frequently Asked Questions

What is the severity of CVE-2024-55904?
CVE-2024-55904 is rated as a critical severity vulnerability due to the potential for remote command execution by authenticated attackers.
How do I fix CVE-2024-55904?
To mitigate CVE-2024-55904, upgrade IBM DevOps Deploy or IBM UrbanCode Deploy to the latest patched versions provided by IBM.
Which versions are affected by CVE-2024-55904?
CVE-2024-55904 affects IBM DevOps Deploy versions 8.0 through 8.0.1.4 and 8.1 through 8.1.0.0, and IBM UrbanCode Deploy versions 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.9.
Can CVE-2024-55904 be exploited remotely?
Yes, CVE-2024-55904 can be exploited remotely by an authenticated attacker to execute arbitrary commands.
What should I do if I cannot upgrade to fix CVE-2024-55904?
If upgrading is not feasible, implement strict access controls and monitoring to limit the impact of CVE-2024-55904 until a patch can be applied.

agent/references
agent/title
agent/weakness
agent/type
agent/description
agent/first-publish-date
collector/nvd-api
source/NVD
agent/severity
agent/source
agent/author
agent/event
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/softwarecombine
agent/tags
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/ibm
canonical/ibm urbancode deploy
canonical/ibm urbancode

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.