CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-22349 – IBM UrbanCode Velocity information disclosure
https://notcve.org/view.php?id=CVE-2024-22349
20 Jan 2025 — IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 allows web pages to be stored locally which can be read by another user on the system. • https://www.ibm.com/support/pages/node/7172750 • CWE-525: Use of Web Browser Cache Containing Sensitive Information •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2024-22347 – IBM UrbanCode Velocity information disclosure
https://notcve.org/view.php?id=CVE-2024-22347
20 Jan 2025 — IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. • https://www.ibm.com/support/pages/node/7172750 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-22348 – IBM UrbanCode Velocity cross-origin resource sharing
https://notcve.org/view.php?id=CVE-2024-22348
20 Jan 2025 — IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains. • https://www.ibm.com/support/pages/node/7172750 • CWE-942: Permissive Cross-domain Policy with Untrusted Domains •