CVE-2024-55904OS Command Injection in IBM Devops Deploy

CWE-78OS Command Injection3 documents3 sources
Severity
7.2HIGHNVD
EPSS
0.6%
top 30.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Devops DeployIBM Urbancode Deploy
Timeline
PublishedFeb 14

Description

IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 / IBM UrbanCode Deploy 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.9 could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages4 packages

NVDibm/devops_deploy8.0.0.08.0.1.5+1
NVDibm/urbancode_deploy7.0.0.07.0.5.26+3
CVEListV5ibm/devops_deploy8.08.0.1.4+1
CVEListV5ibm/urbancode_deploy7.07.0.5.25+3

🔴Vulnerability Details

2
CVEList
IBM DevOps Deploy / IBM UrbanCode Deploy command injection2025-02-14
GHSA
GHSA-qh3r-9hx2-h8wx: IBM DevOps Deploy 82025-02-14
CVE-2024-55904 — OS Command Injection in IBM | cvebase