CVE-2024-22334
IBM UrbanCode Deploy improper privilege control
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type. When deleting a custom security type, associated permissions of objects using that type may not be fully revoked. This could lead to incorrect reporting of permission configuration and unexpected privileges being retained. IBM X-Force ID: 279974.
IBM UrbanCode Deploy (UCD) 7.0 a 7.0.5.20, 7.1 a 7.1.2.16, 7.2 a 7.2.3.9, 7.3 a 7.3.2.4 e IBM DevOps Deploy 8.0 a 8.0.0.1 podrían ser vulnerables a una revocación incompleta de permisos al eliminar un tipo de recurso de seguridad. Al eliminar un tipo de seguridad personalizado, es posible que los permisos asociados de los objetos que usan ese tipo no se revoquen por completo. Esto podría dar lugar a informes incorrectos de la configuración de permisos y a la retención de privilegios inesperados. ID de IBM X-Force: 279974.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-01-08 CVE Reserved
- 2024-04-12 CVE Published
- 2024-04-13 EPSS Updated
- 2024-08-01 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-732: Incorrect Permission Assignment for Critical Resource
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/279974 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.ibm.com/support/pages/node/7148112 | 2024-04-15 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| IBM Search vendor "IBM" | UrbanCode Deploy Search vendor "IBM" for product "UrbanCode Deploy" | >= 7.0.0.0 <= 7.0.5.20 Search vendor "IBM" for product "UrbanCode Deploy" and version " >= 7.0.0.0 <= 7.0.5.20" | en |
Affected
| ||||||
| IBM Search vendor "IBM" | UrbanCode Deploy Search vendor "IBM" for product "UrbanCode Deploy" | >= 7.1.0.0 <= 7.1.2.16 Search vendor "IBM" for product "UrbanCode Deploy" and version " >= 7.1.0.0 <= 7.1.2.16" | en |
Affected
| ||||||
| IBM Search vendor "IBM" | UrbanCode Deploy Search vendor "IBM" for product "UrbanCode Deploy" | >= 7.2.0.0 <= 7.2.3.9 Search vendor "IBM" for product "UrbanCode Deploy" and version " >= 7.2.0.0 <= 7.2.3.9" | en |
Affected
| ||||||
| IBM Search vendor "IBM" | UrbanCode Deploy Search vendor "IBM" for product "UrbanCode Deploy" | >= 7.3.0.0 <= 7.3.2.4 Search vendor "IBM" for product "UrbanCode Deploy" and version " >= 7.3.0.0 <= 7.3.2.4" | en |
Affected
| ||||||
| IBM Search vendor "IBM" | DevOps Deploy Search vendor "IBM" for product "DevOps Deploy" | >= 8.0.0.0 <= 8.0.0.1 Search vendor "IBM" for product "DevOps Deploy" and version " >= 8.0.0.0 <= 8.0.0.1" | en |
Affected
| ||||||