{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-56469","assignerOrgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","state":"PUBLISHED","assignerShortName":"ibm","dateReserved":"2024-12-26T12:51:26.633Z","datePublished":"2025-03-27T14:32:51.723Z","dateUpdated":"2025-09-01T10:14:14.162Z"},"containers":{"cna":{"affected":[{"cpes":["cpe:2.3:a:ibm:urbancode_deploy:7.1:*:*:*:*:*:*:*","cpe:2.3:a:ibm:urbancode_deploy:7.1.2.22:*:*:*:*:*:*:*","cpe:2.3:a:ibm:urbancode_deploy:7.2:*:*:*:*:*:*:*","cpe:2.3:a:ibm:urbancode_deploy:7.2.3.15:*:*:*:*:*:*:*","cpe:2.3:a:ibm:urbancode_deploy:7.3:*:*:*:*:*:*:*","cpe:2.3:a:ibm:urbancode_deploy:7.3.2.10:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","product":"UrbanCode Deploy","vendor":"IBM","versions":[{"lessThanOrEqual":"7.1.2.22","status":"affected","version":"7.1","versionType":"semver"},{"lessThanOrEqual":"7.2.3.15","status":"affected","version":"7.2","versionType":"semver"},{"lessThanOrEqual":"7.3.2.10","status":"affected","version":"7.3","versionType":"semver"}]},{"cpes":["cpe:2.3:a:ibm:devops_deploy:8.0.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:devops_deploy:8.0.1.5:*:*:*:*:*:*:*","cpe:2.3:a:ibm:devops_deploy:8.1.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:devops_deploy:8.1.0.1:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","product":"DevOps Deploy","vendor":"IBM","versions":[{"lessThanOrEqual":"8.0.1.5","status":"affected","version":"8.0","versionType":"semver"},{"lessThanOrEqual":"8.1.0.1","status":"affected","version":"8.1","versionType":"semver"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.22, 7.2 through 7.2.3.15, and 7.3 through 7.3.2.10 / IBM DevOps Deploy 8.0 through 8.0.1.5 and 8.1 through 8.1.0.1 could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service."}],"value":"IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.22, 7.2 through 7.2.3.15, and 7.3 through 7.3.2.10 / IBM DevOps Deploy 8.0 through 8.0.1.5 and 8.1 through 8.1.0.1 could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"ADJACENT_NETWORK","availabilityImpact":"LOW","baseScore":6.3,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-306","description":"CWE-306 Missing Authentication for Critical Function","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","shortName":"ibm","dateUpdated":"2025-09-01T10:14:14.162Z"},"references":[{"tags":["vendor-advisory","patch"],"url":"https://www.ibm.com/support/pages/node/7229031"}],"source":{"discovery":"UNKNOWN"},"title":"IBM UrbanCode Deploy (UCD) / IBM DevOps Deploy missing authentication","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-03-27T15:09:59.879895Z","id":"CVE-2024-56469","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-03-27T15:10:02.778Z"}}]}}