CVE-2024-22358
published 2024-04-12CVE-2024-22358: IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 does…
high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 280896.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | devops_deploy | 8.0 – 8.0.0.1 | — |
| ibm | devops_deploy | >= 8.0.0.0 < 8.0.1.0 | 8.0.1.0 |
| ibm | urbancode_deploy | 7.0 – 7.0.5.20 | — |
| ibm | urbancode_deploy | >= 7.0.0.0 < 7.0.5.21 | 7.0.5.21 |
| ibm | urbancode_deploy | 7.1 – 7.1.2.16 | — |
| ibm | urbancode_deploy | >= 7.1.0.0 < 7.1.2.17 | 7.1.2.17 |
| ibm | urbancode_deploy | 7.2 – 7.2.3.9 | — |
| ibm | urbancode_deploy | >= 7.2.0.0 < 7.2.3.10 | 7.2.3.10 |
| ibm | urbancode_deploy | 7.3 – 7.3.2.4 | — |
| ibm | urbancode_deploy | >= 7.3.0.0 < 7.3.2.5 | 7.3.2.5 |