7.5
CVE-2024-22348
- EPSS 0.35%
- Veröffentlicht 20.01.2025 18:15:13
- Zuletzt bearbeitet 14.08.2025 17:05:52
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
IBM UrbanCode Velocity cross-origin resource sharing
IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Devops Velocity Version5.0.0
Ibm ≫ Urbancode Velocity Version >= 4.0.0 <= 4.0.15
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.35% | 0.262 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| psirt@us.ibm.com | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
CWE-942 Permissive Cross-domain Security Policy with Untrusted Domains
The product uses a web-client protection mechanism such as a Content Security Policy (CSP) or cross-domain policy file, but the policy includes untrusted domains with which the web client is allowed to communicate.
https://www.ibm.com/support/pages/node/7172750