Cross-Origin Resource Sharing Flaw in IBM DevOps Velocity and UrbanCode Velocity
CVE-2024-22348
5.3 MEDIUM
Key Information:
- Vendor: IBM
- CVE Published: 20 January 2025
Summary
IBM DevOps Velocity version 5.0.0 and IBM UrbanCode Velocity versions 4.0.0 to 4.0.25 contain a Cross-Origin Resource Sharing (CORS) vulnerability. The application does not sufficiently restrict the domains allowed to make cross-origin requests to trusted sources, which allows unauthorized users to perform privileged actions and access sensitive information. This oversight may lead to data leaks and compromise the integrity of web applications that rely on these products for deployment and management.
Affected Version(s)
DevOps Velocity 5.0.0
UrbanCode Velocity 4.0.0 <= 4.0.25
CVSS V3.1
- Score: 5.3
- Severity: MEDIUM
- Confidentiality: None
- Integrity: Low
- Availability: None
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved