CVE-2024-45091

6.2 MEDIUM

📋 TL;DR

IBM UrbanCode Deploy versions 7.0 through 7.2.3.13 store sensitive information in HTTP request logs that could be read by local users. This information disclosure vulnerability allows attackers with local access to potentially obtain credentials or other sensitive data. Organizations running affected UCD versions are at risk.

💻 Affected Systems

Products:
  • IBM UrbanCode Deploy
Versions: 7.0 through 7.0.5.24, 7.1 through 7.1.2.10, and 7.2 through 7.2.3.13
Operating Systems: All platforms running UCD
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all installations within the specified version ranges regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local attackers obtain administrative credentials or API keys from logs, leading to full system compromise, data theft, or unauthorized deployment actions.

🟠 Likely Case

Local users or compromised accounts access sensitive configuration data, authentication tokens, or deployment secrets from log files.

🟢 If Mitigated

With proper access controls and log file permissions, only authorized administrators can access logs, limiting exposure to trusted personnel.

🌐 Internet-Facing: LOW - This requires local access to the server, not remote exploitation.
🏢 Internal Only: MEDIUM - Internal users with local access to UCD servers could exploit this, but exploitation requires existing access to the system.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access to read log files; no special tools or techniques needed beyond file read permissions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.0.5.25, 7.1.2.11, 7.2.3.14 and later

Vendor Advisory: https://www.ibm.com/support/pages/node/7177857

Restart Required: Yes

Instructions:

1. Download the appropriate fix pack from IBM Fix Central.
2. Back up the current installation.
3. Stop the UCD server.
4. Apply the fix pack.
5. Restart the UCD server.
6. Verify that the upgrade completed successfully.

🔧 Temporary Workarounds

Restrict log file permissions (Linux)

Set strict file permissions on UCD log directories to prevent unauthorized access:

chmod 600 /opt/ibm-ucd/server/logs/*.log
chown ucd:ucd /opt/ibm-ucd/server/logs/*.log

Enable log encryption/redaction (all platforms)

Configure UCD to encrypt or redact sensitive information in logs.

🧯 If You Can't Patch

  • Implement strict access controls on UCD server directories and log files
  • Regularly monitor and audit access to UCD log files for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check UCD version via web interface or server.properties file; versions 7.0.5.24 and earlier, 7.1.2.10 and earlier, or 7.2.3.13 and earlier are vulnerable.

Check Version:

grep 'version=' /opt/ibm-ucd/server/conf/server.properties

Verify Fix Applied:

Verify UCD version is 7.0.5.25+, 7.1.2.11+, or 7.2.3.14+; check that sensitive data no longer appears in HTTP request logs.
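The version check above can be scripted across a fleet. The following is an added example, not code from IBM or from the original page: it classifies a dotted version string against the three affected ranges listed here. The function names `ver_le` and `ucd_is_vulnerable` are hypothetical, and the script assumes you pass in the version string the server reports.

```shell
#!/bin/sh
# Added example (not IBM's tooling): classify a UCD version string against
# the affected ranges this page lists for CVE-2024-45091.

# ver_le A B: return 0 if dotted version A <= B (missing parts count as 0).
ver_le() {
    a=$1; b=$2; i=1
    while [ "$i" -le 4 ]; do
        x=$(printf '%s' "$a" | cut -d. -f"$i"); x=${x:-0}
        y=$(printf '%s' "$b" | cut -d. -f"$i"); y=${y:-0}
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
        i=$((i + 1))
    done
    return 0
}

# ucd_is_vulnerable VERSION
#   0 = inside an affected range, 1 = outside them, 2 = not a dotted version
ucd_is_vulnerable() {
    v=$1
    printf '%s\n' "$v" | grep -Eq '^[0-9]+(\.[0-9]+){1,3}$' || return 2
    case "$v" in
        7.0|7.0.*) last_affected=7.0.5.24 ;;
        7.1|7.1.*) last_affected=7.1.2.10 ;;
        7.2|7.2.*) last_affected=7.2.3.13 ;;
        *) return 1 ;;
    esac
    ver_le "$v" "$last_affected"
}

# Stand-alone use: pass the version reported by the server as the argument.
if [ "$#" -ge 1 ]; then
    rc=0; ucd_is_vulnerable "$1" || rc=$?
    case "$rc" in
        0) echo "$1: affected, upgrade to 7.0.5.25, 7.1.2.11, 7.2.3.14 or later" ;;
        1) echo "$1: outside the affected ranges listed for CVE-2024-45091" ;;
        *) echo "$1: not a dotted numeric version" >&2 ;;
    esac
fi
```

A short version such as `7.1` is treated as `7.1.0.0`, so it falls inside the affected range.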

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to log directories
  • Patterns of sensitive data exposure in log files

Network Indicators:

  • N/A - local file access only

SIEM Query:

source="ucd_logs" AND (event_type="file_access" AND file_path="*logs/*.log") AND user!="authorized_admin"
