CVE-2024-22334

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-22334
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type. When deleting a custom security type, associated permissions of objects using that type may not be fully revoked. This could lead to incorrect reporting of permission configuration and unexpected privileges being retained. IBM X-Force ID: 279974.

4.4 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.7 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/279974 VDB Entry
https://www.ibm.com/support/pages/node/7148112 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/279974 VDB Entry
https://www.ibm.com/support/pages/node/7148112 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibm:devops_deploy:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*
History

29 Jan 2025, 21:27

Type Values Removed Values Added
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/279974 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/279974 - VDB Entry
References () https://www.ibm.com/support/pages/node/7148112 - () https://www.ibm.com/support/pages/node/7148112 - Vendor Advisory
First Time Ibm devops Deploy
Ibm
Ibm urbancode Deploy
CPE cpe:2.3:a:ibm:devops_deploy:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*

21 Nov 2024, 08:56

Type Values Removed Values Added
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/279974 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/279974 -
References () https://www.ibm.com/support/pages/node/7148112 - () https://www.ibm.com/support/pages/node/7148112 -

15 Apr 2024, 13:15

Type Values Removed Values Added
Summary
  • (es) IBM UrbanCode Deploy (UCD) 7.0 a 7.0.5.20, 7.1 a 7.1.2.16, 7.2 a 7.2.3.9, 7.3 a 7.3.2.4 e IBM DevOps Deploy 8.0 a 8.0.0.1 podrían ser vulnerables a una revocación incompleta de permisos al eliminar un tipo de recurso de seguridad. Al eliminar un tipo de seguridad personalizado, es posible que los permisos asociados de los objetos que usan ese tipo no se revoquen por completo. Esto podría dar lugar a informes incorrectos de la configuración de permisos y a la retención de privilegios inesperados. ID de IBM X-Force: 279974.

12 Apr 2024, 17:17

Type Values Removed Values Added
New CVE
Information

Published : 2024-04-12 17:17

Updated : 2025-01-29 21:27

NVD link : CVE-2024-22334

Mitre link : CVE-2024-22334

CVE.ORG link : CVE-2024-22334

JSON object : View

Products Affected

ibm

  • urbancode_deploy
  • devops_deploy
CWE
CWE-732

Incorrect Permission Assignment for Critical Resource