CVE-2024-56469

CWE-306Missing Authentication3 documents3 sources
Severity
6.3MEDIUM
EPSS
0.0%
top 85.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Devops DeployIBM Urbancode Deploy
Timeline
PublishedMar 27

Description

IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.22, 7.2 through 7.2.3.15, and 7.3 through 7.3.2.10 / IBM DevOps Deploy 8.0 through 8.0.1.5 and 8.1 through 8.1.0.1 could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.4

Affected Packages4 packages

NVDibm/devops_deploy8.0.0.08.0.1.5+1
NVDibm/urbancode_deploy7.1.0.07.1.2.23+2
CVEListV5ibm/devops_deploy8.08.0.1.5+1
CVEListV5ibm/urbancode_deploy7.17.1.2.22+2

🔴Vulnerability Details

2
GHSA
GHSA-3jrc-j5p2-v7xj: IBM UrbanCode Deploy (UCD) 72025-03-27
CVEList
IBM UrbanCode Deploy (UCD) / IBM DevOps Deploy missing authentication2025-03-27
CVE-2024-56469 (MEDIUM CVSS 6.3) | IBM UrbanCode Deploy (UCD) 7.1 thro | cvebase.io