CVE-2024-45091 - Vulnerability Details - OpenCVE

IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.24, 7.1 through 7.1.2.10, and 7.2 through 7.2.3.13 stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Ibm	Urbancode Deploy

Configuration 1 [-]

OR	cpe:2.3:a:ibm:urbancode_deploy::::::::
	cpe:2.3:a:ibm:urbancode_deploy::::::::
	cpe:2.3:a:ibm:urbancode_deploy::::::::

No data.

References

Link	Providers
https://www.ibm.com/support/pages/node/7177857

History

Wed, 29 Jan 2025 21:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:ibm:urbancode_deploy::::::::

Tue, 21 Jan 2025 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 21 Jan 2025 01:00:00 +0000

Type	Values Removed	Values Added
Description		IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.24, 7.1 through 7.1.2.10, and 7.2 through 7.2.3.13 stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs.
Title		IBM UrbanCode Deploy information disclosure
First Time appeared		Ibm Ibm urbancode Deploy
Weaknesses		CWE-532
CPEs		cpe:2.3:a:ibm:urbancode_deploy:7.0.5.24:::::::* cpe:2.3:a:ibm:urbancode_deploy:7.0:::::::* cpe:2.3:a:ibm:urbancode_deploy:7.1.2.10:::::::* cpe:2.3:a:ibm:urbancode_deploy:7.1:::::::* cpe:2.3:a:ibm:urbancode_deploy:7.2.3.13:::::::* cpe:2.3:a:ibm:urbancode_deploy:7.2:::::::*
Vendors & Products		Ibm Ibm urbancode Deploy
References		https://www.ibm.com/support/pages/node/7177857
Metrics		cvssV3_1 `{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2025-01-21T00:41:45.398Z

Updated: 2025-01-21T16:41:10.360Z

Reserved: 2024-08-21T19:11:14.496Z

Link: CVE-2024-45091

Vulnrichment

Updated: 2025-01-21T16:41:05.147Z

NVD

Status : Analyzed

Published: 2025-01-21T01:15:07.890

Modified: 2025-01-29T21:12:41.107

Link: CVE-2024-45091

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-45091", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2024-08-21T19:11:14.496Z", "datePublished": "2025-01-21T00:41:45.398Z", "dateUpdated": "2025-01-21T16:41:10.360Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:ibm:urbancode_deploy:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:urbancode_deploy:7.0.5.24:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:urbancode_deploy:7.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:urbancode_deploy:7.1.2.10:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:urbancode_deploy:7.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:urbancode_deploy:7.2.3.13:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "product": "UrbanCode Deploy", "vendor": "IBM", "versions": [{"lessThanOrEqual": "7.0.5.24", "status": "affected", "version": "7.0", "versionType": "semver"}, {"lessThanOrEqual": "7.1.2.10", "status": "affected", "version": "7.1", "versionType": "semver"}, {"lessThanOrEqual": "7.2.3.13", "status": "affected", "version": "7.2", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.24, 7.1 through 7.1.2.10, and 7.2 through 7.2.3.13 stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs."}], "value": "IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.24, 7.1 through 7.1.2.10, and 7.2 through 7.2.3.13 stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-532", "description": "CWE-532 Insertion of Sensitive Information into Log File", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-01-21T00:41:45.398Z"}, "references": [{"url": "https://www.ibm.com/support/pages/node/7177857"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM UrbanCode Deploy information disclosure", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-21T16:41:01.015063Z", "id": "CVE-2024-45091", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-21T16:41:10.360Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-45091", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-21T16:41:01.015063Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-21T16:41:05.147Z"}}], "cna": {"title": "IBM UrbanCode Deploy information disclosure", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:ibm:urbancode_deploy:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:urbancode_deploy:7.0.5.24:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:urbancode_deploy:7.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:urbancode_deploy:7.1.2.10:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:urbancode_deploy:7.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:urbancode_deploy:7.2.3.13:*:*:*:*:*:*:*"], "vendor": "IBM", "product": "UrbanCode Deploy", "versions": [{"status": "affected", "version": "7.0", "versionType": "semver", "lessThanOrEqual": "7.0.5.24"}, {"status": "affected", "version": "7.1", "versionType": "semver", "lessThanOrEqual": "7.1.2.10"}, {"status": "affected", "version": "7.2", "versionType": "semver", "lessThanOrEqual": "7.2.3.13"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.ibm.com/support/pages/node/7177857"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.24, 7.1 through 7.1.2.10, and 7.2 through 7.2.3.13 stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs.", "supportingMedia": [{"type": "text/html", "value": "IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.24, 7.1 through 7.1.2.10, and 7.2 through 7.2.3.13 stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-532", "description": "CWE-532 Insertion of Sensitive Information into Log File"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-01-21T00:41:45.398Z"}}}, "cveMetadata": {"cveId": "CVE-2024-45091", "state": "PUBLISHED", "dateUpdated": "2025-01-21T16:41:10.360Z", "dateReserved": "2024-08-21T19:11:14.496Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2025-01-21T00:41:45.398Z", "assignerShortName": "ibm"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*", "matchCriteriaId": "80511D31-6C51-4924-8A5B-6EBB0143D71A", "versionEndExcluding": "7.0.5.25", "versionStartIncluding": "7.0.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*", "matchCriteriaId": "155FEF34-86B4-4EF4-AFAD-FBE683C47A1F", "versionEndExcluding": "7.1.2.21", "versionStartIncluding": "7.1.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*", "matchCriteriaId": "E6443A5C-D341-4460-8002-786B754569A1", "versionEndExcluding": "7.2.3.14", "versionStartIncluding": "7.2.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.24, 7.1 through 7.1.2.10, and 7.2 through 7.2.3.13 stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs."}, {"lang": "es", "value": "IBM UrbanCode Deploy (UCD) 7.0 a 7.0.5.24, 7.1 a 7.1.2.10 y 7.2 a 7.2.3.13 almacena informaci\u00f3n potencialmente confidencial en archivos de registro que podr\u00edan ser le\u00eddos por un usuario local con acceso a los registros de solicitudes HTTP."}], "id": "CVE-2024-45091", "lastModified": "2025-01-29T21:12:41.107", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-01-21T01:15:07.890", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7177857"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "psirt@us.ibm.com", "type": "Primary"}]}