CVE-2024-54176

MEDIUM

IBM DevOps Deploy <8.0.1.4, UCD <7.3.2 - Info Disclosure

Title source: llm
STIX 2.1

Description

IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 and IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14 and 7.3 through 7.3.2 could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function.

References (1)

Core 1
Core References
Vendor Advisory vendor-advisory
https://www.ibm.com/support/pages/node/7182840

Scores

CVSS v3 4.3
EPSS 0.0007
EPSS Percentile 22.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-306
Status published
Products (3)
ibm/devops_deploy 8.1.0.0
ibm/devops_deploy 8.0.0.0 - 8.0.1.5
ibm/urbancode_deploy 7.0.0.0 - 7.0.5.26
Published Feb 08, 2025
Tracked Since Feb 18, 2026