Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2024-22334

Опубликовано: 12 апр. 2024
Источник: nvd
CVSS3: 4.4
EPSS Низкий

Описание

IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type. When deleting a custom security type, associated permissions of objects using that type may not be fully revoked. This could lead to incorrect reporting of permission configuration and unexpected privileges being retained. IBM X-Force ID: 279974.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:devops_deploy:*:*:*:*:*:*:*:*
Версия от 8.0.0.0 (включая) до 8.0.1.0 (исключая)
cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*
Версия от 7.0.0.0 (включая) до 7.0.5.21 (исключая)
cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*
Версия от 7.1.0.0 (включая) до 7.1.2.17 (исключая)
cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*
Версия от 7.2.0.0 (включая) до 7.2.3.10 (исключая)

EPSS

Процентиль: 8%
0.00029
Низкий

4.4 Medium

CVSS3

Дефекты

CWE-732

Связанные уязвимости

github логотип

GHSA-qmmh-x7m4-pr56

CVSS3: 4.4
github
почти 2 года назад

IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type. When deleting a custom security type, associated permissions of objects using that type may not be fully revoked. This could lead to incorrect reporting of permission configuration and unexpected privileges being retained. IBM X-Force ID: 279974.

EPSS

Процентиль: 8%
0.00029
Низкий

4.4 Medium

CVSS3

Дефекты

CWE-732