CVE-2024-22334

IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type. When deleting a custom security type, associated permissions of objects using that type may not be fully revoked. This could lead to incorrect reporting of permission configuration and unexpected privileges being retained. IBM X-Force ID: 279974.

CVSS v3 4.4 MEDIUM

4.4^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.7 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/279974
https://www.ibm.com/support/pages/node/7148112

Configurations

No configuration.

History

15 Apr 2024, 13:15

Type	Values Removed	Values Added
Summary		(es) IBM UrbanCode Deploy (UCD) 7.0 a 7.0.5.20, 7.1 a 7.1.2.16, 7.2 a 7.2.3.9, 7.3 a 7.3.2.4 e IBM DevOps Deploy 8.0 a 8.0.0.1 podrían ser vulnerables a una revocación incompleta de permisos al eliminar un tipo de recurso de seguridad. Al eliminar un tipo de seguridad personalizado, es posible que los permisos asociados de los objetos que usan ese tipo no se revoquen por completo. Esto podría dar lugar a informes incorrectos de la configuración de permisos y a la retención de privilegios inesperados. ID de IBM X-Force: 279974.

12 Apr 2024, 17:17

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-04-12 17:17

Updated : 2024-04-15 13:15

NVD link : CVE-2024-22334

Mitre link : CVE-2024-22334

CVE.ORG link : CVE-2024-22334

JSON object : View

Products Affected

No product.

CWE

CWE-732

Incorrect Permission Assignment for Critical Resource

4.4 /10