CVE-2024-56469 MEDIUM

CVE-2024-56469: IBM UrbanCode Deploy (UCD) / IBM DevOps Deploy missing authentication

Vendor Ibm
Product UrbanCode Deploy
Weakness CWE-306 · Missing auth
Published March 27, 2025
Last update September 1, 2025

CVSS base score

6.3/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.22, 7.2 through 7.2.3.15, and 7.3 through 7.3.2.10 / IBM DevOps Deploy 8.0 through 8.0.1.5 and 8.1 through 8.1.0.1 could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service.

Key dates

02Disclosure timeline

March 27, 2025 CVE published
September 1, 2025 Record updated