CVE-2024-22347

Name of the Vulnerable Software and Affected Versions IBM DevOps Velocity version 5.0.0 IBM UrbanCode Velocity versions 4.0.0 through 4.0.25

Description The issue is related to the use of weaker than expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information. This could enable a remote attacker to gain unauthorized access to protected information.

Recommendations For IBM DevOps Velocity version 5.0.0, update to a version that uses stronger cryptographic algorithms. For IBM UrbanCode Velocity versions 4.0.0 through 4.0.25, update to a version that uses stronger cryptographic algorithms. As a temporary workaround, consider restricting access to sensitive information until a patch is available.