CVE-2024-45091Log File Information Exposure in IBM Urbancode Deploy

CWE-532Log File Information Exposure3 documents3 sources
Severity
5.5MEDIUMNVD
CNA6.2
EPSS
0.0%
top 98.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Urbancode Deploy
Timeline
PublishedJan 21

Description

IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.24, 7.1 through 7.1.2.10, and 7.2 through 7.2.3.13 stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

NVDibm/urbancode_deploy7.0.0.07.0.5.25+2
CVEListV5ibm/urbancode_deploy7.07.0.5.24+2

🔴Vulnerability Details

2
CVEList
IBM UrbanCode Deploy information disclosure2025-01-21
GHSA
GHSA-ch3p-w3gc-7p42: IBM UrbanCode Deploy (UCD) 72025-01-21
CVE-2024-45091 — Log File Information Exposure in IBM | cvebase