Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
IBM UrbanCode Velocity cross-origin resource sharing
Vulnerability Description
IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
过度许可的跨域白名单
Vulnerability Title
IBM DevOps Velocity和IBM UrbanCode Velocity 安全漏洞
Vulnerability Description
IBM DevOps Velocity和IBM UrbanCode Velocity都是美国国际商业机器(IBM)公司的产品。IBM DevOps Velocity是一款企业级发布管理应用程序,支持云原生和本地部署。IBM UrbanCode Velocity是一款企业级的发布管理和价值流管理工具,用于协调和优化 DevOps 工具链。 IBM DevOps Velocity 5.0.0版本和IBM UrbanCode Velocity 4.0.0版本到4.0.25版本存在安全漏洞,该漏洞源于使用跨域资源
CVSS Information
N/A
Vulnerability Type
N/A