PT-2025-6721 · Ibm · Ibm Urbancode Deploy+1

Matteo Zocca

Published

2025-02-14

Updated

2025-08-18

CVE-2024-55904

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions IBM DevOps Deploy versions 8.0 through 8.0.1.4 IBM DevOps Deploy versions 8.1 through 8.1.0.0 IBM UrbanCode Deploy versions 7.0 through 7.0.5.25 IBM UrbanCode Deploy versions 7.1 through 7.1.2.21 IBM UrbanCode Deploy versions 7.2 through 7.2.3.14 IBM UrbanCode Deploy versions 7.3 through 7.3.2.9

Description The issue allows a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements.

Recommendations For IBM DevOps Deploy versions 8.0 through 8.0.1.4, update to a version outside of this range. For IBM DevOps Deploy versions 8.1 through 8.1.0.0, update to a version outside of this range. For IBM UrbanCode Deploy versions 7.0 through 7.0.5.25, update to a version outside of this range. For IBM UrbanCode Deploy versions 7.1 through 7.1.2.21, update to a version outside of this range. For IBM UrbanCode Deploy versions 7.2 through 7.2.3.14, update to a version outside of this range. For IBM UrbanCode Deploy versions 7.3 through 7.3.2.9, update to a version outside of this range.

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2024-55904

Affected Products

Ibm Devops Deploy

Ibm Urbancode Deploy

PT-2025-6721 · Ibm · Ibm Urbancode Deploy+1

CVE-2024-55904

Weakness Enumeration

Related Identifiers

Affected Products

References · 7