CVE-2024-55904

EUVD-2024-52845
IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 / IBM UrbanCode Deploy 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.9 could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements.
OS Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
ibmCNA
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 28%
Affected Products (NVD)
VendorProductVersion
ibmdevops_deploy
8.0.0.0 ≤
𝑥
< 8.0.1.5
ibmdevops_deploy
8.1.0.0
ibmurbancode_deploy
7.0.0.0 ≤
𝑥
< 7.0.5.26
ibmurbancode_deploy
7.1.0.0 ≤
𝑥
< 7.1.2.22
ibmurbancode_deploy
7.2.0.0 ≤
𝑥
< 7.2.3.15
ibmurbancode_deploy
7.3.0.0 ≤
𝑥
< 7.3.2.10
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.ibm.com/support/pages/node/7182841