CVE-2024-22349— IBM UrbanCode Velocity information disclosure
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-22349
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
IBM UrbanCode Velocity information disclosure
Source: NVD (National Vulnerability Database)
Vulnerability Description
IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 allows web pages to be stored locally which can be read by another user on the system.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
通过浏览器缓存导致的信息暴露
Source: NVD (National Vulnerability Database)
Vulnerability Title
IBM DevOps Velocity和IBM UrbanCode Velocity 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
IBM DevOps Velocity和IBM UrbanCode Velocity都是美国国际商业机器(IBM)公司的产品。IBM DevOps Velocity是一款企业级发布管理应用程序,支持云原生和本地部署。IBM UrbanCode Velocity是一款企业级的发布管理和价值流管理工具,用于协调和优化 DevOps 工具链。 IBM DevOps Velocity 5.0.0版本和IBM UrbanCode Velocity 4.0.0版本至4.0.15版本存在安全漏洞,该漏洞源于允许将网页存
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| IBM | UrbanCode Velocity | 4.0.0 ~ 4.0.25 | cpe:2.3:a:ibm:urbancode_velocity:4.0.0:*:*:*:*:*:*:* | |
| IBM | DevOps Velocity | 5.0.0 | cpe:2.3:a:ibm:devops_velocity:5.0.0:*:*:*:*:*:*:* |
II. Public POCs for CVE-2024-22349
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-22349
请登录查看更多情报信息。
Same Patch Batch · IBM · 2025-01-20 · 4 CVEs total
| CVE-2024-22347 | 5.9 MEDIUM | IBM UrbanCode Velocity information disclosure |
| CVE-2024-45647 | 5.6 MEDIUM | IBM Security Verify Access unverified password change |
| CVE-2024-22348 | 5.3 MEDIUM | IBM UrbanCode Velocity cross-origin resource sharing |
IV. Related Vulnerabilities
Same vendor: IBM
- CVE-2026-1577
IBM® Db2® is vulnerable to a denial of service with a specia - CVE-2025-36122
IBM® Db2® is vulnerable to a denial of service with a specia - CVE-2025-14688
IBM® Db2® is vulnerable to a denial of service when fetching - CVE-2026-2311
IBM i is affected by a privilege escalation vulnerability in - CVE-2025-36180
Inadequate Pod Communication Restrictions, affects watsonx.d
Same weakness: CWE-525
- CVE-2026-41322
@astrojs/node: Cache Poisoning due to incorrect error handli - CVE-2025-15554
Admin Passwords Cached by Browsers in Truesec LAPSWebUI - CVE-2025-36364
IBM DevOps Plan REST APIs are vulnerable to exposure of sens - CVE-2026-24437
Tenda W30E V2 Missing Cache Controls for Credential-bearing - CVE-2025-52659
HCL AION is affected by a Cacheable HTTP Response vulnerabil
V. Comments for CVE-2024-22349
No comments yet