CVE-2024-55904

IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 / IBM UrbanCode Deploy 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.9 could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements.
OS Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
ibmCNA
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 21%
VendorProductVersion
ibmdevops_deploy
8.0.0.0 ≤
𝑥
< 8.0.1.5
ibmdevops_deploy
8.1.0.0
ibmurbancode_deploy
7.0.0.0 ≤
𝑥
< 7.0.5.26
ibmurbancode_deploy
7.1.0.0 ≤
𝑥
< 7.1.2.22
ibmurbancode_deploy
7.2.0.0 ≤
𝑥
< 7.2.3.15
ibmurbancode_deploy
7.3.0.0 ≤
𝑥
< 7.3.2.10
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.ibm.com/support/pages/node/7182841