CVE-2024-55904 HIGH

CVE-2024-55904: IBM DevOps Deploy / IBM UrbanCode Deploy command injection

Vendor Ibm

Product UrbanCode Deploy

Weakness CWE-78

Published February 14, 2025

Last update February 14, 2025

View on NVD All CVEs

CVSS base score

7.2/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 / IBM UrbanCode Deploy 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.9 could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements.

Key dates

02Disclosure timeline

February 14, 2025 CVE published

February 14, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-55904

Related vulnerabilities

Identifiers

CVE CVE-2024-55904

CWE CWE-78

CVSS 7.2 / HIGH

Affected versions

Vendor Ibm

Product UrbanCode Deploy

Affected ≥ 7.0 and ≤ 7.0.5.25

Vendor Ibm

Product UrbanCode Deploy

Affected ≥ 7.1 and ≤ 7.1.2.21

Vendor Ibm

Product UrbanCode Deploy

Affected ≥ 7.2 and ≤ 7.2.3.14

Vendor Ibm

Product UrbanCode Deploy

Affected ≥ 7.3 and ≤ 7.3.2.9

Vendor Ibm

Product DevOps Deploy

Affected ≥ 8.0 and ≤ 8.0.1.4

Vendor Ibm

Product DevOps Deploy

Affected ≥ 8.1 and ≤ 8.1.0.0

CVE-2024-55904: IBM DevOps Deploy / IBM UrbanCode Deploy command injection

01Description

02Disclosure timeline

03References

04Related CVE