{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-56469", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2024-12-26T12:51:26.633Z", "datePublished": "2025-03-27T14:32:51.723Z", "dateUpdated": "2025-09-01T10:14:14.162Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:ibm:urbancode_deploy:7.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:urbancode_deploy:7.1.2.22:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:urbancode_deploy:7.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:urbancode_deploy:7.2.3.15:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:urbancode_deploy:7.3:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:urbancode_deploy:7.3.2.10:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "product": "UrbanCode Deploy", "vendor": "IBM", "versions": [{"lessThanOrEqual": "7.1.2.22", "status": "affected", "version": "7.1", "versionType": "semver"}, {"lessThanOrEqual": "7.2.3.15", "status": "affected", "version": "7.2", "versionType": "semver"}, {"lessThanOrEqual": "7.3.2.10", "status": "affected", "version": "7.3", "versionType": "semver"}]}, {"cpes": ["cpe:2.3:a:ibm:devops_deploy:8.0.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:devops_deploy:8.0.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:devops_deploy:8.1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:devops_deploy:8.1.0.1:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "product": "DevOps Deploy", "vendor": "IBM", "versions": [{"lessThanOrEqual": "8.0.1.5", "status": "affected", "version": "8.0", "versionType": "semver"}, {"lessThanOrEqual": "8.1.0.1", "status": "affected", "version": "8.1", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.22, 7.2 through 7.2.3.15, and 7.3 through 7.3.2.10 / IBM DevOps Deploy 8.0 through 8.0.1.5 and 8.1 through 8.1.0.1 could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service."}], "value": "IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.22, 7.2 through 7.2.3.15, and 7.3 through 7.3.2.10 / IBM DevOps Deploy 8.0 through 8.0.1.5 and 8.1 through 8.1.0.1 could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-09-01T10:14:14.162Z"}, "references": [{"tags": ["vendor-advisory", "patch"], "url": "https://www.ibm.com/support/pages/node/7229031"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM UrbanCode Deploy (UCD) / IBM DevOps Deploy missing authentication", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-27T15:09:59.879895Z", "id": "CVE-2024-56469", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-27T15:10:02.778Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-56469", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-27T15:09:59.879895Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-27T15:09:50.861Z"}}], "cna": {"title": "IBM UrbanCode Deploy (UCD) / IBM DevOps Deploy missing authentication", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:ibm:urbancode_deploy:7.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:urbancode_deploy:7.1.2.22:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:urbancode_deploy:7.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:urbancode_deploy:7.2.3.15:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:urbancode_deploy:7.3:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:urbancode_deploy:7.3.2.10:*:*:*:*:*:*:*"], "vendor": "IBM", "product": "UrbanCode Deploy", "versions": [{"status": "affected", "version": "7.1", "versionType": "semver", "lessThanOrEqual": "7.1.2.22"}, {"status": "affected", "version": "7.2", "versionType": "semver", "lessThanOrEqual": "7.2.3.15"}, {"status": "affected", "version": "7.3", "versionType": "semver", "lessThanOrEqual": "7.3.2.10"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:a:ibm:devops_deploy:8.0.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:devops_deploy:8.0.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:devops_deploy:8.1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:devops_deploy:8.1.0.1:*:*:*:*:*:*:*"], "vendor": "IBM", "product": "DevOps Deploy", "versions": [{"status": "affected", "version": "8.0", "versionType": "semver", "lessThanOrEqual": "8.0.1.5"}, {"status": "affected", "version": "8.1", "versionType": "semver", "lessThanOrEqual": "8.1.0.1"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.ibm.com/support/pages/node/7229031", "tags": ["vendor-advisory", "patch"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.22, 7.2 through 7.2.3.15, and 7.3 through 7.3.2.10 / IBM DevOps Deploy 8.0 through 8.0.1.5 and 8.1 through 8.1.0.1 could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service.", "supportingMedia": [{"type": "text/html", "value": "IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.22, 7.2 through 7.2.3.15, and 7.3 through 7.3.2.10 / IBM DevOps Deploy 8.0 through 8.0.1.5 and 8.1 through 8.1.0.1 could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-09-01T10:14:14.162Z"}}}, "cveMetadata": {"cveId": "CVE-2024-56469", "state": "PUBLISHED", "dateUpdated": "2025-09-01T10:14:14.162Z", "dateReserved": "2024-12-26T12:51:26.633Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2025-03-27T14:32:51.723Z", "assignerShortName": "ibm"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:devops_deploy:*:*:*:*:*:*:*:*", "matchCriteriaId": "3D02CEF4-E668-46C3-B136-9FBB0D1F1B65", "versionEndExcluding": "8.0.1.5", "versionStartIncluding": "8.0.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:devops_deploy:8.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FFD6AB40-6302-4B11-809C-907ABBEDF7DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*", "matchCriteriaId": "A45F2EBB-0A41-4731-8F8B-62D9BE418D35", "versionEndExcluding": "7.1.2.23", "versionStartIncluding": "7.1.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*", "matchCriteriaId": "A230C986-7C8F-427E-8190-C249E44AB782", "versionEndExcluding": "7.2.3.16", "versionStartIncluding": "7.2.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*", "matchCriteriaId": "89A8087E-4FC6-42F1-89D6-C17095EFF772", "versionEndExcluding": "7.3.2.11", "versionStartIncluding": "7.3.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.22, 7.2 through 7.2.3.15, and 7.3 through 7.3.2.10 / IBM DevOps Deploy 8.0 through 8.0.1.5 and 8.1 through 8.1.0.1 could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service."}, {"lang": "es", "value": "IBM UrbanCode Deploy (UCD) 7.1 a 7.1.2.22, 7.2 a 7.2.3.15 y 7.3 a 7.3.2.10 / IBM DevOps Deploy 8.0 a 8.0.1.5 y 8.1 a 8.1.0.1 podr\u00edan permitir el acceso no autorizado a otros servicios o la posible exposici\u00f3n de datos confidenciales debido a la falta de autenticaci\u00f3n en su servicio Agent Relay."}], "id": "CVE-2024-56469", "lastModified": "2025-08-14T01:58:37.913", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "psirt@us.ibm.com", "type": "Primary"}]}, "published": "2025-03-27T15:15:53.960", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7229031"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "psirt@us.ibm.com", "type": "Primary"}]}

{}