CVE-2024-55904

7.2 HIGH

📋 TL;DR

This vulnerability allows authenticated privileged attackers to execute arbitrary commands on IBM DevOps Deploy and UrbanCode Deploy systems by sending specially crafted input. It affects multiple versions of both products, potentially leading to complete system compromise. Attackers must have authenticated privileged access to exploit this vulnerability.

💻 Affected Systems

Products:
  • IBM DevOps Deploy
  • IBM UrbanCode Deploy
Versions: IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0; IBM UrbanCode Deploy 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, 7.3 through 7.3.2.9
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated privileged user access. All default configurations of affected versions are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system takeover with attacker gaining full control over the deployment server, potentially accessing sensitive deployment credentials, modifying production systems, and establishing persistence.

🟠 Likely Case

Privilege escalation leading to unauthorized access to deployment pipelines, credential theft, and potential lateral movement to connected systems.

🟢 If Mitigated

Limited impact due to network segmentation, strong authentication controls, and minimal privileged user accounts.

🌐 Internet-Facing: MEDIUM - While authentication is required, exposed instances could be targeted by attackers who have obtained or guessed credentials.
🏢 Internal Only: HIGH - Internal privileged users or compromised accounts could exploit this to gain elevated access and move laterally within the network.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires authenticated privileged access and knowledge of the specific input manipulation needed to trigger command injection.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: IBM DevOps Deploy 8.0.1.5, 8.1.0.1; IBM UrbanCode Deploy 7.0.5.26, 7.1.2.22, 7.2.3.15, 7.3.2.10

Vendor Advisory: https://www.ibm.com/support/pages/node/7182841

Restart Required: No

Instructions:

1. Download the appropriate fix pack from IBM Fix Central.
2. Follow IBM's installation instructions for your specific version.
3. Verify successful installation by checking version numbers.

🔧 Temporary Workarounds

Restrict Privileged Access (all platforms)

Minimize the number of users with privileged access to the deployment systems to reduce attack surface.

Network Segmentation (all platforms)

Isolate deployment servers from critical production systems and implement strict network access controls.

🧯 If You Can't Patch

  • Implement strict access controls and monitor all privileged user activity on deployment servers.
  • Deploy application-level firewalls or WAFs to detect and block command injection attempts.

🔍 How to Verify

Check if Vulnerable:

Check your IBM DevOps Deploy or UrbanCode Deploy version against the affected version ranges listed above.

Check Version:

Check the product's web interface or installation directory for version information. For UrbanCode Deploy, check the version.txt file in the installation directory.

Verify Fix Applied:

Verify that your version is equal to or higher than the patched versions: DevOps Deploy 8.0.1.5+, 8.1.0.1+; UrbanCode Deploy 7.0.5.26+, 7.1.2.22+, 7.2.3.15+, 7.3.2.10+
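
The version comparison described above, as an added example (not IBM tooling and not part of the original advisory). It assumes the version string is dotted numeric and that fields after the fourth, such as a build number, can be ignored; the function names are hypothetical.

```python
import re
import sys

# First fixed release on each release line, from the "Patch Version" list above.
# 8.x lines are IBM DevOps Deploy; 7.x lines are IBM UrbanCode Deploy.
FIXED = {
    (7, 0): (7, 0, 5, 26),
    (7, 1): (7, 1, 2, 22),
    (7, 2): (7, 2, 3, 15),
    (7, 3): (7, 3, 2, 10),
    (8, 0): (8, 0, 1, 5),
    (8, 1): (8, 1, 0, 1),
}

def parse_version(text):
    """Return the first dotted version in text as a 4-tuple of ints, or None.

    Assumption: fields after the fourth (e.g. a build number) are ignored,
    and missing fields count as 0, so "8.1" is read as 8.1.0.0.
    """
    m = re.search(r"(?<![\d.])\d+(?:\.\d+){1,3}", text)
    if not m:
        return None
    parts = [int(p) for p in m.group(0).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def classify(text):
    """Return (status, first_fixed_version) for a version string."""
    version = parse_version(text)
    if version is None:
        return ("unparsed", None)
    fixed = FIXED.get(version[:2])
    if fixed is None:
        return ("not-listed", None)  # release line not covered by this advisory
    # Compare numerically: 7.3.2.9 < 7.3.2.10, which a string compare gets wrong.
    status = "affected" if version < fixed else "fixed"
    return (status, ".".join(map(str, fixed)))

if __name__ == "__main__":
    # Constructed sample strings; pass real version strings as arguments instead.
    samples = sys.argv[1:] or ["7.3.2.9", "7.3.2.10", "8.1", "7.0.5.25.1234567", "6.2.7.1"]
    for s in samples:
        print(s, "->", classify(s))
```

A "not-listed" result means the release line does not appear in this advisory's ranges, not that the release is known to be safe.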

📡 Detection & Monitoring

Log Indicators:

  • Unusual command execution patterns in deployment logs
  • Multiple failed authentication attempts followed by successful privileged access
  • Unexpected system commands executed through deployment processes

Network Indicators:

  • Unusual outbound connections from deployment servers
  • Traffic patterns indicating command and control activity

SIEM Query:

source="ibm-deploy" AND (event_type="command_execution" OR cmdline="*;*" OR cmdline="*|*" OR cmdline="*`*")
