Unauthorized Access Risk in IBM UrbanCode Deploy Agent Relay Service
CVE-2024-56469

6.3MEDIUM

Key Information:

Vendor: IBM
Status: Urbancode Deploy; Devops Deploy
Vendor: CVE Published:; 27 March 2025

What is CVE-2024-56469?

IBM UrbanCode Deploy and IBM DevOps Deploy suffer from a significant vulnerability in their Agent Relay service due to inadequate authentication mechanisms. This flaw enables unauthorized users to gain access to critical services, potentially exposing sensitive information and affecting the overall security of deployments. Versions 7.1 through 7.1.2.22, 7.2 through 7.2.3.15, and 7.3 through 7.3.2.10 of UrbanCode Deploy, along with versions 8.0 through 8.0.1.5 and 8.1 through 8.1.0.1 of DevOps Deploy, are affected. Organizations using these products should prioritize implementing recommended mitigations to safeguard their systems.

Affected Version(s)

DevOps Deploy 8.0 <= 8.0.1.5

DevOps Deploy 8.1 <= 8.1.0.1

UrbanCode Deploy 7.1 <= 7.1.2.22

References

https://www.ibm.com/support/pages/node/7229031

vendor-advisory

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 27, 2025
Vulnerability Reserved
Dec 26, 2024