- Description
- IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains.
- Source
- psirt@us.ibm.com
- NVD status
- Received
CVSS 3.1
- Type
- Primary
- Base score
- 5.3
- Impact score
- 1.4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
- Severity
- MEDIUM
- psirt@us.ibm.com
- CWE-942
- Hype score
- Not currently trending
New post from https://t.co/uXvPWJy6tj (CVE-2024-22348 | IBM UrbanCode Velocity/DevOps Velocity Trusted Domain cross-domain policy) has been published on https://t.co/4CHV355oaR
@WolfgangSesin
20 Jan 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New post from https://t.co/uXvPWJy6tj (CVE-2024-22348 | IBM UrbanCode Velocity/DevOps Velocity Trusted Domain cross-domain policy) has been published on https://t.co/xaTk5Mcjjn
@WolfgangSesin
20 Jan 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-22348 Improper CORS Implementation Enables Unauthorized Actions in IBM Velocity https://t.co/glb4kW7QMW
@VulmonFeeds
20 Jan 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-22348 IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privil… https://t.co/ukisuyNF3p
@CVEnew
20 Jan 2025
591 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes