7.2
CVE-2024-55904
- EPSS 0.6%
- Veröffentlicht 14.02.2025 04:15:08
- Zuletzt bearbeitet 18.08.2025 18:14:40
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
IBM DevOps Deploy / IBM UrbanCode Deploy command injection
IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 / IBM UrbanCode Deploy 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.9 could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Devops Deploy Version >= 8.0.0.0 < 8.0.1.5
Ibm ≫ Devops Deploy Version8.1.0.0
Ibm ≫ Urbancode Deploy Version >= 7.0.0.0 < 7.0.5.26
Ibm ≫ Urbancode Deploy Version >= 7.1.0.0 < 7.1.2.22
Ibm ≫ Urbancode Deploy Version >= 7.2.0.0 < 7.2.3.15
Ibm ≫ Urbancode Deploy Version >= 7.3.0.0 < 7.3.2.10
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.6% | 0.695 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@us.ibm.com | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.