Local File Storage Flaw in IBM DevOps Velocity and UrbanCode Products
CVE-2024-22349

4MEDIUM

Key Information:

Vendor: IBM
Status: Urbancode Velocity; Devops Velocity
Vendor: CVE Published:; 20 January 2025

What is CVE-2024-22349?

A vulnerability in IBM DevOps Velocity and UrbanCode Velocity allows certain web pages to be stored locally on the system. This could enable unauthorized users to read files intended for other users, potentially compromising sensitive information. It is essential for organizations using these products to apply necessary patches and mitigate risks by following recommended security practices.

Affected Version(s)

DevOps Velocity 5.0.0

UrbanCode Velocity 4.0.0 <= 4.0.25

References

https://www.ibm.com/support/pages/node/7172750

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 20, 2025
Vulnerability Reserved
Jan 8, 2024