CVE-2024-54176

IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 and IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14 and 7.3 through 7.3.2 could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function.
References
Link Resource
https://www.ibm.com/support/pages/node/7182840 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibm:devops_deploy:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:devops_deploy:8.1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*

History

15 Aug 2025, 12:33

Type Values Removed Values Added
First Time Ibm devops Deploy
Ibm
Ibm urbancode Deploy
CPE cpe:2.3:a:ibm:devops_deploy:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:devops_deploy:8.1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*
Summary
  • (es) IBM DevOps Deploy 8.0 a 8.0.1.4, 8.1 a 8.1.0.0 e IBM UrbanCode Deploy (UCD) 7.0 a 7.0.5.25, 7.1 a 7.1.2.21, 7.2 a 7.2.3.14 y 7.3 a 7.3.2 podrían permitir que un usuario autenticado obtenga información confidencial sobre otros usuarios en el sistema debido a la falta de autorización para una función.
References () https://www.ibm.com/support/pages/node/7182840 - () https://www.ibm.com/support/pages/node/7182840 - Vendor Advisory

08 Feb 2025, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-02-08 17:15

Updated : 2025-08-15 12:33


NVD link : CVE-2024-54176

Mitre link : CVE-2024-54176

CVE.ORG link : CVE-2024-54176


JSON object : View

Products Affected

ibm

  • devops_deploy
  • urbancode_deploy
CWE
CWE-306

Missing Authentication for Critical Function