CVE-2024-54176

Name of the Vulnerable Software and Affected Versions IBM DevOps Deploy versions 8.0 through 8.0.1.4 IBM DevOps Deploy versions 8.1 through 8.1.0.0 IBM UrbanCode Deploy versions 7.0 through 7.0.5.25 IBM UrbanCode Deploy versions 7.1 through 7.1.2.21 IBM UrbanCode Deploy versions 7.2 through 7.2.3.14 IBM UrbanCode Deploy versions 7.3 through 7.3.2

Description The issue allows an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function.

Recommendations IBM DevOps Deploy versions 8.0 through 8.0.1.4: Restrict access to sensitive user information until a patch is available. IBM DevOps Deploy versions 8.1 through 8.1.0.0: Restrict access to sensitive user information until a patch is available. IBM UrbanCode Deploy versions 7.0 through 7.0.5.25: Restrict access to sensitive user information until a patch is available. IBM UrbanCode Deploy versions 7.1 through 7.1.2.21: Restrict access to sensitive user information until a patch is available. IBM UrbanCode Deploy versions 7.2 through 7.2.3.14: Restrict access to sensitive user information until a patch is available. IBM UrbanCode Deploy versions 7.3 through 7.3.2: Restrict access to sensitive user information until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.