Weak Cryptographic Algorithms in IBM DevOps Velocity and UrbanCode Velocity
CVE-2024-22347

5.9MEDIUM

Key Information:

Vendor: IBM
Status: Urbancode Velocity; Devops Velocity
Vendor: CVE Published:; 20 January 2025

Summary

IBM DevOps Velocity and IBM UrbanCode Velocity are exposed to vulnerabilities due to the use of cryptographic algorithms that do not meet expected security standards. This weakness could allow attackers to decrypt highly sensitive information, potentially leading to data breaches and unauthorized access. It is crucial for users to address these vulnerabilities by updating to secure versions and reviewing their cryptographic practices.

Affected Version(s)

DevOps Velocity 5.0.0

UrbanCode Velocity 4.0.0 <= 4.0.25

References

https://www.ibm.com/support/pages/node/7172750

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 20, 2025
Vulnerability Reserved
Jan 8, 2024