{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-54176","assignerOrgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","state":"PUBLISHED","assignerShortName":"ibm","dateReserved":"2024-11-30T14:47:55.533Z","datePublished":"2025-02-08T16:15:40.041Z","dateUpdated":"2025-02-22T22:12:32.094Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"UrbanCode Deploy","vendor":"IBM","versions":[{"lessThanOrEqual":"7.0.5.25","status":"affected","version":"7.0","versionType":"semver"},{"lessThanOrEqual":"7.1.2.21","status":"affected","version":"7.1","versionType":"semver"},{"lessThanOrEqual":"7.2.3.14","status":"affected","version":"7.2","versionType":"semver"},{"lessThanOrEqual":"7.3.2.9","status":"affected","version":"7.3","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"DevOps Deploy","vendor":"IBM","versions":[{"lessThanOrEqual":"8.0.1.4","status":"affected","version":"8.0","versionType":"semver"},{"lessThanOrEqual":"8.1.0.0","status":"affected","version":"8.1","versionType":"semver"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 and IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14 and 7.3 through 7.3.2 could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function."}],"value":"IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 and IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14 and 7.3 through 7.3.2 could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":4.3,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-306","description":"CWE-306 Missing Authentication for Critical Function","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","shortName":"ibm","dateUpdated":"2025-02-22T22:12:32.094Z"},"references":[{"tags":["vendor-advisory"],"url":"https://www.ibm.com/support/pages/node/7182840"}],"source":{"discovery":"UNKNOWN"},"title":"IBM UrbanCode Deploy missing authentication","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-54176","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2025-02-10T13:37:45.492103Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-02-12T20:51:42.046Z"}}]}}