CVE-2024-22339Log File Information Exposure in IBM Devops Deploy

CWE-532Log File Information ExposureCWE-89SQL Injection4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.1%
top 75.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Devops DeployIBM Urbancode Deploy
Timeline
PublishedApr 12

Description

IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 is vulnerable to a sensitive information due to insufficient obfuscation of sensitive values from some log files. IBM X-Force ID: 279979.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages4 packages

NVDibm/devops_deploy8.0.0.08.0.1.0
NVDibm/urbancode_deploy7.0.0.07.0.5.21+3
CVEListV5ibm/devops_deploy8.08.0.0.1
CVEListV5ibm/urbancode_deploy7.07.0.5.20+3

🔴Vulnerability Details

3
CVEList
IBM UrbanCode Deploy information disclosure2024-04-12
GHSA
GHSA-75rx-c73c-98q9: IBM UrbanCode Deploy (UCD) 72024-04-12
GHSA
Centreon insertGraphTemplate SQL Injection Remote Code Execution Vulnerability2024-04-02
CVE-2024-22339 — Log File Information Exposure in IBM | cvebase