CVERadar

CVE-2024-22347

High Severity
SVRS: 56/100
CVSSv3: 5.9/10
EPSS: 0.0002/1

CVE-2024-22347: Vulnerability in IBM DevOps Velocity and IBM UrbanCode Velocity due to use of weaker cryptographic algorithms. This flaw could allow attackers to potentially decrypt highly sensitive information.

The cryptographic weakness in IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0.25 poses a significant security risk. Although the CVSS score of 5.9 indicates medium severity, this vulnerability allows an attacker to decrypt sensitive data. According to SOCRadar, the SOCRadar Vulnerability Risk Score (SVRS) is 56, suggesting a moderate level of risk that warrants attention. This potential for a data breach makes patching this CVE important to safeguard confidential information. Mitigation steps to upgrade cryptographic protocols should be taken immediately.

In The Wild
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
2025-01-20

2025-01-21
SOCRadar
AI Insight

Description

CVE-2024-22347 affects IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity versions 4.0.0 through 4.0.25. The vulnerability arises from the use of weak cryptographic algorithms, potentially enabling attackers to decrypt highly sensitive information. While the CVSS score is 5.9, the SOCRadar Vulnerability Risk Score (SVRS) is 46, indicating a moderate vulnerability. While not critical, it still warrants attention and mitigation.

Key Insights

  • Weak Cryptographic Algorithms: The vulnerability stems from the use of cryptographic algorithms weaker than expected. This could allow attackers to circumvent encryption and access sensitive data.
  • Data Confidentiality Breach: Successful exploitation of this vulnerability could lead to the compromise of sensitive information, potentially impacting data confidentiality.
  • Impact on DevOps and UrbanCode Velocity: The vulnerability affects specific versions of IBM DevOps Velocity and IBM UrbanCode Velocity, both of which are popular tools for software development and deployment. This means organizations using these versions are potentially at risk.
  • Limited Information on Exploitation: Currently, there is no information about active exploitation of this vulnerability. However, the potential for data breaches makes it essential to implement preventive measures.

Mitigation Strategies

  • Upgrade to Patched Versions: The first and most effective mitigation strategy is to update to the latest versions of IBM DevOps Velocity and IBM UrbanCode Velocity, which include patches addressing this vulnerability.
  • Implement Strong Encryption: Organizations should ensure that all sensitive information is encrypted using robust and widely accepted cryptographic algorithms. Regularly review and update encryption standards to mitigate evolving threats.
  • Security Awareness Training: Educate users about potential security risks associated with weak cryptography and the importance of following best practices for data security.
  • Regular Vulnerability Scanning: Conduct frequent vulnerability scans to identify and address any weaknesses in your system, ensuring proactive security measures.


Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

CVE-2024-22347 | IBM UrbanCode Velocity/DevOps Velocity up to 4.0.25 risky encryption
vuldb.com, 2025-01-20
A vulnerability was found in IBM UrbanCode Velocity and DevOps Velocity up to 4.0.25. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to risky cryptographic algorithm. This vulnerability is handled as CVE-2024-22347. The attack may be launched remotely. There is no exploit available. It is recommended to

Social Media

New post from https://t.co/uXvPWJy6tj (CVE-2024-22347 | IBM UrbanCode Velocity/DevOps Velocity up to 4.0.25 risky encryption) has been published on https://t.co/GEqlKDOSn0

New post from https://t.co/uXvPWJy6tj (CVE-2024-22347 | IBM UrbanCode Velocity/DevOps Velocity up to 4.0.25 risky encryption) has been published on https://t.co/Y6FuzzKlAQ

CVE-2024-22347 IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0.25 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt … https://t.co/zvRPruMD1Q

Affected Software

No affected software found for this CVE

References

Reference: [email protected]
Link: https://www.ibm.com/support/pages/node/7172750

CWE Details

CWE ID: CWE-327
CWE Name: Use of a Broken or Risky Cryptographic Algorithm
Description: The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information.
