CVE-2024-22334

Name of the Vulnerable Software and Affected Versions IBM UrbanCode Deploy versions 7.0 through 7.0.5.20 IBM UrbanCode Deploy versions 7.1 through 7.1.2.16 IBM UrbanCode Deploy versions 7.2 through 7.2.3.9 IBM UrbanCode Deploy versions 7.3 through 7.3.2.4 IBM DevOps Deploy versions 8.0 through 8.0.0.1

Description The issue is related to the incomplete revocation of permissions when deleting a custom security resource type. When a custom security type is deleted, the associated permissions of objects using that type may not be fully revoked. This could lead to incorrect reporting of permission configuration and unexpected privileges being retained.

Recommendations For IBM UrbanCode Deploy versions 7.0 through 7.0.5.20, update to a version later than 7.0.5.20 to resolve the issue. For IBM UrbanCode Deploy versions 7.1 through 7.1.2.16, update to a version later than 7.1.2.16 to resolve the issue. For IBM UrbanCode Deploy versions 7.2 through 7.2.3.9, update to a version later than 7.2.3.9 to resolve the issue. For IBM UrbanCode Deploy versions 7.3 through 7.3.2.4, update to a version later than 7.3.2.4 to resolve the issue. For IBM DevOps Deploy versions 8.0 through 8.0.0.1, update to a version later than 8.0.0.1 to resolve the issue.