Local File Storage Flaw in IBM DevOps Velocity and UrbanCode Products
CVE-2024-22349

3.3LOW

Key Information:

Vendor: IBM
Status: Urbancode Velocity; Devops Velocity
Vendor: CVE Published:; 20 January 2025

What is CVE-2024-22349?

A vulnerability in IBM DevOps Velocity and UrbanCode Velocity allows certain web pages to be stored locally on the system. This could enable unauthorized users to read files intended for other users, potentially compromising sensitive information. It is essential for organizations using these products to apply necessary patches and mitigate risks by following recommended security practices.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

DevOps Velocity 5.0.0

UrbanCode Velocity 4.0.0 <= 4.0.25

References

https://www.ibm.com/support/pages/node/7172750

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 20, 2025
Vulnerability Reserved
Jan 8, 2024

JSON

IBM