Name of the Vulnerable Software and Affected Versions:

IBM DevOps Velocity version 5.0.0

IBM UrbanCode Velocity versions 4.0.0 through 4.0.25

Description:

The issue is related to the use of weaker than expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information. This could enable a remote attacker to gain unauthorized access to protected information.

Recommendations:

For IBM DevOps Velocity version 5.0.0, update to a version that uses stronger cryptographic algorithms.

For IBM UrbanCode Velocity versions 4.0.0 through 4.0.25, update to a version that uses stronger cryptographic algorithms.

As a temporary workaround, consider restricting access to sensitive information until a patch is available.