Search criteria

48 vulnerabilities found for devops_deploy by ibm

FKIE_CVE-2025-36360

Vulnerability from fkie_nvd - Published: 2025-12-15 20:15 - Updated: 2025-12-18 18:00
Summary
IBM UCD - IBM UrbanCode Deploy 7.1 through 7.1.2.27, 7.2 through 7.2.3.20, and 7.3 through 7.3.2.15 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.10 and 8.1 through 8.1.2.3 are susceptible to a race condition in the enforcement of HTTP session client-IP binding, which may allow a session to be briefly reused from a new IP address before it is invalidated, potentially enabling unauthorized access under certain network conditions.
Impacted products

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:devops_deploy:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "566A98BF-76EF-4D0F-9F18-B0EADEDC9FDE",
              "versionEndExcluding": "8.0.1.11",
              "versionStartIncluding": "8.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:devops_deploy:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "749B35C4-217A-4507-A9FB-85C7907D837B",
              "versionEndExcluding": "8.1.2.4",
              "versionStartIncluding": "8.1.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECFA32A6-29C3-40DD-9D89-F496104E6DBD",
              "versionEndExcluding": "7.1.2.28",
              "versionStartIncluding": "7.1.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "019C63D6-3DDA-432D-8D7D-62801E732796",
              "versionEndExcluding": "7.2.3.21",
              "versionStartIncluding": "7.2.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B633DCF4-FB02-4081-A2E1-E38050C5EF04",
              "versionEndExcluding": "7.3.2.16",
              "versionStartIncluding": "7.3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM UCD - IBM UrbanCode Deploy 7.1 through 7.1.2.27, 7.2 through 7.2.3.20, and 7.3 through 7.3.2.15 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.10, and 8.1 through 8.1.2.3 is susceptible to a race condition in http-session client-IP binding enforcement which may allow a session to be briefly reused from a new IP address before it is invalidated, potentially enabling unauthorized access under certain network conditions."
    }
  ],
  "id": "CVE-2025-36360",
  "lastModified": "2025-12-18T18:00:06.653",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.0,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 3.4,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-12-15T20:15:50.237",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7254661"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-613"
        }
      ],
      "source": "psirt@us.ibm.com",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2025-14148

Vulnerability from fkie_nvd - Published: 2025-12-15 20:15 - Updated: 2025-12-18 17:53
Summary
IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 could allow an authenticated user with LLM integration configuration privileges to recover a previously saved LLM API Token.
Impacted products
Vendor Product Version
ibm devops_deploy *

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:devops_deploy:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "749B35C4-217A-4507-A9FB-85C7907D837B",
              "versionEndExcluding": "8.1.2.4",
              "versionStartIncluding": "8.1.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 could allow an authenticated user with LLM integration configuration privileges to recover a previously saved LLM API Token."
    }
  ],
  "id": "CVE-2025-14148",
  "lastModified": "2025-12-18T17:53:31.707",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-12-15T20:15:49.043",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7254663"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-522"
        }
      ],
      "source": "psirt@us.ibm.com",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2025-13489

Vulnerability from fkie_nvd - Published: 2025-12-15 20:15 - Updated: 2025-12-26 14:15
Summary
IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 transmits data in clear text, which could allow an attacker to obtain sensitive information using man-in-the-middle techniques.
Impacted products
Vendor Product Version
ibm devops_deploy *

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:devops_deploy:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "749B35C4-217A-4507-A9FB-85C7907D837B",
              "versionEndExcluding": "8.1.2.4",
              "versionStartIncluding": "8.1.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 IBM DevOps Deploy transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques."
    }
  ],
  "id": "CVE-2025-13489",
  "lastModified": "2025-12-26T14:15:57.590",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-12-15T20:15:48.763",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7254662"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-319"
        }
      ],
      "source": "psirt@us.ibm.com",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2025-36162

Vulnerability from fkie_nvd - Published: 2025-09-02 19:15 - Updated: 2025-12-18 17:51
Summary
IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) 8.1 before 8.1.2.2 could allow an authenticated user to obtain sensitive information about configuration on the system.
Impacted products
Vendor Product Version
ibm devops_deploy *

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:devops_deploy:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A01DEE34-9B0E-4629-8C3B-4FD7764D8558",
              "versionEndExcluding": "8.1.2.2",
              "versionStartIncluding": "8.1.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) 8.1 before 8.1.2.2 could allow an authenticated user to obtain sensitive information about configuration on the system."
    }
  ],
  "id": "CVE-2025-36162",
  "lastModified": "2025-12-18T17:51:13.233",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-09-02T19:15:31.223",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7243830"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-497"
        }
      ],
      "source": "psirt@us.ibm.com",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2025-1997

Vulnerability from fkie_nvd - Published: 2025-03-27 15:15 - Updated: 2025-09-29 18:15
Summary
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.
Impacted products

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:devops_deploy:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D02CEF4-E668-46C3-B136-9FBB0D1F1B65",
              "versionEndExcluding": "8.0.1.5",
              "versionStartIncluding": "8.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:devops_deploy:8.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFD6AB40-6302-4B11-809C-907ABBEDF7DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "79421241-7D68-4B82-A53D-A47986F05FE9",
              "versionEndExcluding": "7.0.5.26",
              "versionStartIncluding": "7.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5225DF4D-BDFD-4ECE-843E-6E51B00D0DCD",
              "versionEndExcluding": "7.1.2.22",
              "versionStartIncluding": "7.1.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "19CB1BD1-C6C2-4B72-9FF2-6463F76E8E5F",
              "versionEndExcluding": "7.2.3.15",
              "versionStartIncluding": "7.2.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FB1D16B-E73A-4004-AD8D-B1E8238CA502",
              "versionEndExcluding": "7.3.2.10",
              "versionStartIncluding": "7.3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 \n\nis vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure."
    },
    {
      "lang": "es",
      "value": "IBM UrbanCode Deploy (UCD) 7.0 a 7.0.5.25, 7.1 a 7.1.2.21, 7.2 a 7.2.3.14 y 7.3 a 7.3.2.0 / IBM DevOps Deploy 8.0 a 8.0.1.4 y 8.1 a 8.1 son vulnerables a la inyecci\u00f3n de HTML. Esta vulnerabilidad puede permitir que un usuario incruste etiquetas HTML arbitrarias en la interfaz web, lo que podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n confidencial."
    }
  ],
  "id": "CVE-2025-1997",
  "lastModified": "2025-09-29T18:15:31.250",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.6,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 2.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-03-27T15:15:54.550",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7229035"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-80"
        }
      ],
      "source": "psirt@us.ibm.com",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2025-1998

Vulnerability from fkie_nvd - Published: 2025-03-27 15:15 - Updated: 2025-08-14 19:13
Summary
IBM UrbanCode Deploy (UCD) through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 stores potentially sensitive authentication token information in log files that could be read by a local user.
Impacted products

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:devops_deploy:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D02CEF4-E668-46C3-B136-9FBB0D1F1B65",
              "versionEndExcluding": "8.0.1.5",
              "versionStartIncluding": "8.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:devops_deploy:8.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFD6AB40-6302-4B11-809C-907ABBEDF7DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5225DF4D-BDFD-4ECE-843E-6E51B00D0DCD",
              "versionEndExcluding": "7.1.2.22",
              "versionStartIncluding": "7.1.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "19CB1BD1-C6C2-4B72-9FF2-6463F76E8E5F",
              "versionEndExcluding": "7.2.3.15",
              "versionStartIncluding": "7.2.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FB1D16B-E73A-4004-AD8D-B1E8238CA502",
              "versionEndExcluding": "7.3.2.10",
              "versionStartIncluding": "7.3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM UrbanCode Deploy (UCD) through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 \n\nstores potentially sensitive authentication token information in log files that could be read by a local user."
    },
    {
      "lang": "es",
      "value": "IBM UrbanCode Deploy (UCD) hasta 7.1.2.21, 7.2 a 7.2.3.14 y 7.3 a 7.3.2.0 / IBM DevOps Deploy 8.0 a 8.0.1.4 y 8.1 a 8.1 almacenan informaci\u00f3n de token de autenticaci\u00f3n potencialmente confidencial en archivos de registro que un usuario local podr\u00eda leer."
    }
  ],
  "id": "CVE-2025-1998",
  "lastModified": "2025-08-14T19:13:16.593",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-03-27T15:15:54.707",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7229034"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-532"
        }
      ],
      "source": "psirt@us.ibm.com",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2024-56469

Vulnerability from fkie_nvd - Published: 2025-03-27 15:15 - Updated: 2025-08-14 01:58
Summary
IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.22, 7.2 through 7.2.3.15, and 7.3 through 7.3.2.10 / IBM DevOps Deploy 8.0 through 8.0.1.5 and 8.1 through 8.1.0.1 could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service.
Impacted products

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:devops_deploy:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D02CEF4-E668-46C3-B136-9FBB0D1F1B65",
              "versionEndExcluding": "8.0.1.5",
              "versionStartIncluding": "8.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:devops_deploy:8.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFD6AB40-6302-4B11-809C-907ABBEDF7DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A45F2EBB-0A41-4731-8F8B-62D9BE418D35",
              "versionEndExcluding": "7.1.2.23",
              "versionStartIncluding": "7.1.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A230C986-7C8F-427E-8190-C249E44AB782",
              "versionEndExcluding": "7.2.3.16",
              "versionStartIncluding": "7.2.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "89A8087E-4FC6-42F1-89D6-C17095EFF772",
              "versionEndExcluding": "7.3.2.11",
              "versionStartIncluding": "7.3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.22, 7.2 through 7.2.3.15, and 7.3 through 7.3.2.10 / IBM DevOps Deploy 8.0 through 8.0.1.5 and 8.1 through 8.1.0.1 could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service."
    },
    {
      "lang": "es",
      "value": "IBM UrbanCode Deploy (UCD) 7.1 a 7.1.2.22, 7.2 a 7.2.3.15 y 7.3 a 7.3.2.10 / IBM DevOps Deploy 8.0 a 8.0.1.5 y 8.1 a 8.1.0.1 podr\u00edan permitir el acceso no autorizado a otros servicios o la posible exposici\u00f3n de datos confidenciales debido a la falta de autenticaci\u00f3n en su servicio Agent Relay."
    }
  ],
  "id": "CVE-2024-56469",
  "lastModified": "2025-08-14T01:58:37.913",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 6.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.4,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-03-27T15:15:53.960",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7229031"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-306"
        }
      ],
      "source": "psirt@us.ibm.com",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2024-55904

Vulnerability from fkie_nvd - Published: 2025-02-14 04:15 - Updated: 2025-08-18 18:14
Summary
IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 / IBM UrbanCode Deploy 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.9 could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements.
Impacted products

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:devops_deploy:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D02CEF4-E668-46C3-B136-9FBB0D1F1B65",
              "versionEndExcluding": "8.0.1.5",
              "versionStartIncluding": "8.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:devops_deploy:8.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFD6AB40-6302-4B11-809C-907ABBEDF7DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "79421241-7D68-4B82-A53D-A47986F05FE9",
              "versionEndExcluding": "7.0.5.26",
              "versionStartIncluding": "7.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5225DF4D-BDFD-4ECE-843E-6E51B00D0DCD",
              "versionEndExcluding": "7.1.2.22",
              "versionStartIncluding": "7.1.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "19CB1BD1-C6C2-4B72-9FF2-6463F76E8E5F",
              "versionEndExcluding": "7.2.3.15",
              "versionStartIncluding": "7.2.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FB1D16B-E73A-4004-AD8D-B1E8238CA502",
              "versionEndExcluding": "7.3.2.10",
              "versionStartIncluding": "7.3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 / IBM UrbanCode Deploy 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.9 could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements."
    },
    {
      "lang": "es",
      "value": "IBM DevOps Deploy 8.0 a 8.0.1.4, 8.1 a 8.1.0.0 / IBM UrbanCode Deploy 7.0 a 7.0.5.25, 7.1 a 7.1.2.21, 7.2 a 7.2.3.14 y 7.3 a 7.3.2.9 podr\u00edan permitir que un atacante remoto autenticado y privilegiado ejecute comandos arbitrarios en el sistema mediante el env\u00edo de entradas especialmente manipuladas que contengan elementos especiales."
    }
  ],
  "id": "CVE-2024-55904",
  "lastModified": "2025-08-18T18:14:40.550",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-02-14T04:15:08.753",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7182841"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "psirt@us.ibm.com",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2024-54176

Vulnerability from fkie_nvd - Published: 2025-02-08 17:15 - Updated: 2025-08-15 12:33
Summary
IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 and IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14 and 7.3 through 7.3.2 could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function.
Impacted products

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:devops_deploy:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D02CEF4-E668-46C3-B136-9FBB0D1F1B65",
              "versionEndExcluding": "8.0.1.5",
              "versionStartIncluding": "8.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:devops_deploy:8.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFD6AB40-6302-4B11-809C-907ABBEDF7DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "79421241-7D68-4B82-A53D-A47986F05FE9",
              "versionEndExcluding": "7.0.5.26",
              "versionStartIncluding": "7.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5225DF4D-BDFD-4ECE-843E-6E51B00D0DCD",
              "versionEndExcluding": "7.1.2.22",
              "versionStartIncluding": "7.1.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "19CB1BD1-C6C2-4B72-9FF2-6463F76E8E5F",
              "versionEndExcluding": "7.2.3.15",
              "versionStartIncluding": "7.2.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FB1D16B-E73A-4004-AD8D-B1E8238CA502",
              "versionEndExcluding": "7.3.2.10",
              "versionStartIncluding": "7.3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 and IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14 and 7.3 through 7.3.2 could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function."
    },
    {
      "lang": "es",
      "value": "IBM DevOps Deploy 8.0 a 8.0.1.4, 8.1 a 8.1.0.0 e IBM UrbanCode Deploy (UCD) 7.0 a 7.0.5.25, 7.1 a 7.1.2.21, 7.2 a 7.2.3.14 y 7.3 a 7.3.2 podr\u00edan permitir que un usuario autenticado obtenga informaci\u00f3n confidencial sobre otros usuarios en el sistema debido a la falta de autorizaci\u00f3n para una funci\u00f3n."
    }
  ],
  "id": "CVE-2024-54176",
  "lastModified": "2025-08-15T12:33:18.683",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-02-08T17:15:21.643",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7182840"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-306"
        }
      ],
      "source": "psirt@us.ibm.com",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2024-51472

Vulnerability from fkie_nvd - Published: 2025-01-06 17:15 - Updated: 2025-06-20 18:09
Summary
IBM UrbanCode Deploy (UCD) 7.2 through 7.2.3.13, 7.3 through 7.3.2.8, and IBM DevOps Deploy 8.0 through 8.0.1.3 are vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.
Impacted products
Vendor Product Version
ibm devops_deploy *
ibm urbancode_deploy *
ibm urbancode_deploy *

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:devops_deploy:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF7EAB3A-064E-4815-931B-87BC203E32B3",
              "versionEndIncluding": "8.0.1.3",
              "versionStartIncluding": "8.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9B8C275-D9C0-4C4F-8039-9E86E894FED8",
              "versionEndIncluding": "7.2.3.13",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "59D32AFE-8152-4417-868D-382DF5D3DD52",
              "versionEndIncluding": "7.3.2.8",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM UrbanCode Deploy (UCD) 7.2 through 7.2.3.13, 7.3 through 7.3.2.8, and IBM DevOps Deploy 8.0 through 8.0.1.3 are vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure."
    },
    {
      "lang": "es",
      "value": "IBM UrbanCode Deploy (UCD) 7.2 a 7.2.3.13, 7.3 a 7.3.2.8 e IBM DevOps Deploy 8.0 a 8.0.1.3 son vulnerables a la inyecci\u00f3n de HTML. Esta vulnerabilidad puede permitir que un usuario incorpore etiquetas HTML arbitrarias en la interfaz de usuario web, lo que podr\u00eda provocar la divulgaci\u00f3n de informaci\u00f3n confidencial."
    }
  ],
  "id": "CVE-2024-51472",
  "lastModified": "2025-06-20T18:09:43.640",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.1,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 1.4,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.1,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 1.4,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-01-06T17:15:38.517",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7177856"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-80"
        }
      ],
      "source": "psirt@us.ibm.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2025-13489 (GCVE-0-2025-13489)

Vulnerability from cvelistv5 – Published: 2025-12-15 19:51 – Updated: 2025-12-26 13:12
Title
IBM DevOps Deploy is susceptible to a Cleartext Transmission of Sensitive Information vulnerability
Summary
IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 transmits data in clear text, which could allow an attacker to obtain sensitive information using man-in-the-middle techniques.
CWE
  • CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
ibm
References
Impacted products
Vendor Product Version
IBM UCD - IBM DevOps Deploy Affected: 8.1 , ≤ 8.1.2.3 (semver)
    cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1.2.3:*:*:*:*:*:*:*

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-13489",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-15T20:19:51.112738Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-15T20:19:59.521Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1.2.3:*:*:*:*:*:*:*"
          ],
          "product": "UCD - IBM DevOps Deploy",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "8.1.2.3",
              "status": "affected",
              "version": "8.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 IBM DevOps Deploy transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques.\u003c/p\u003e"
            }
          ],
          "value": "IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 IBM DevOps Deploy transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-319",
              "description": "CWE-319 Cleartext Transmission of Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-26T13:12:41.505Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7254662"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eRemediation/Fixes IBM strongly suggests the following: Upgrade affected versions to any of 8.1.2.4 , 8.2.0.0 or later\u003c/p\u003e"
            }
          ],
          "value": "Remediation/Fixes IBM strongly suggests the following: Upgrade affected versions to any of 8.1.2.4 , 8.2.0.0 or later"
        }
      ],
      "title": "IBM DevOps Deploy is susceptible to a Cleartext Transmission of Sensitive Information",
      "x_generator": {
        "engine": "ibm-cvegen"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2025-13489",
    "datePublished": "2025-12-15T19:51:13.534Z",
    "dateReserved": "2025-11-20T20:25:06.479Z",
    "dateUpdated": "2025-12-26T13:12:41.505Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-14148 (GCVE-0-2025-14148)

Vulnerability from cvelistv5 – Published: 2025-12-15 19:43 – Updated: 2025-12-15 20:27
Title
IBM DevOps Deploy is susceptible to an Insufficiently Protected Credentials vulnerability
Summary
IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 could allow an authenticated user with LLM integration configuration privileges to recover a previously saved LLM API Token.
CWE
  • CWE-522 - Insufficiently Protected Credentials
Assigner
ibm
References
Impacted products
Vendor Product Version
IBM UCD - IBM DevOps Deploy Affected: 8.1 , ≤ 8.1.2.3 (semver)
    cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1.2.3:*:*:*:*:*:*:*

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-14148",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-15T20:26:24.957891Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-15T20:27:13.721Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1.2.3:*:*:*:*:*:*:*"
          ],
          "product": "UCD - IBM DevOps Deploy",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "8.1.2.3",
              "status": "affected",
              "version": "8.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 could allow an authenticated user with LLM integration configuration privileges to recover a previously saved LLM API Token.\u003c/p\u003e"
            }
          ],
          "value": "IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 could allow an authenticated user with LLM integration configuration privileges to recover a previously saved LLM API Token."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-522",
              "description": "CWE-522 Insufficiently Protected Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-15T19:45:23.132Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7254663"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eRemediation/Fixes IBM strongly suggests the following: Upgrade affected versions to any of 8.1.2.4 , 8.2.0.0 or later\u003c/p\u003e"
            }
          ],
          "value": "Remediation/Fixes IBM strongly suggests the following: Upgrade affected versions to any of 8.1.2.4 , 8.2.0.0 or later"
        }
      ],
      "title": "IBM DevOps Deploy is susceptible to a Insufficiently Protected Credentials vulnerability",
      "x_generator": {
        "engine": "ibm-cvegen"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2025-14148",
    "datePublished": "2025-12-15T19:43:07.880Z",
    "dateReserved": "2025-12-05T19:00:10.655Z",
    "dateUpdated": "2025-12-15T20:27:13.721Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-36360 (GCVE-0-2025-36360)

Vulnerability from cvelistv5 – Published: 2025-12-15 19:38 – Updated: 2025-12-15 20:30
Title
IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to an Insufficient Session Expiration vulnerability
Summary
IBM UCD - IBM UrbanCode Deploy 7.1 through 7.1.2.27, 7.2 through 7.2.3.20, and 7.3 through 7.3.2.15 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.10, and 8.1 through 8.1.2.3 are susceptible to a race condition in HTTP session client-IP binding enforcement, which may allow a session to be briefly reused from a new IP address before it is invalidated, potentially enabling unauthorized access under certain network conditions.
CWE
  • CWE-613 - Insufficient Session Expiration
Assigner
ibm
References
Impacted products
Vendor Product Version
IBM UCD - IBM UrbanCode Deploy Affected: 7.1 , ≤ 7.1.2.27 (semver)
Affected: 7.2 , ≤ 7.2.3.20 (semver)
Affected: 7.3 , ≤ 7.3.2.15 (semver)
    cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.1:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.1.2.27:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.2:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.2.3.20:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.3:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.3.2.15:*:*:*:*:*:*:*
    IBM UCD - IBM DevOps Deploy Affected: 8.0 , ≤ 8.0.1.10 (semver)
Affected: 8.1 , ≤ 8.1.2.3 (semver)
    cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.0.1.10:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1.2.3:*:*:*:*:*:*:*

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-36360",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-15T20:30:05.256376Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-15T20:30:18.476Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.1.2.27:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.2.3.20:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.3.2.15:*:*:*:*:*:*:*"
          ],
          "product": "UCD - IBM UrbanCode Deploy",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "7.1.2.27",
              "status": "affected",
              "version": "7.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.3.20",
              "status": "affected",
              "version": "7.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.3.2.15",
              "status": "affected",
              "version": "7.3",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.0.1.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1.2.3:*:*:*:*:*:*:*"
          ],
          "product": "UCD - IBM DevOps Deploy",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "8.0.1.10",
              "status": "affected",
              "version": "8.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.1.2.3",
              "status": "affected",
              "version": "8.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM UCD - IBM UrbanCode Deploy 7.1 through 7.1.2.27, 7.2 through 7.2.3.20, and 7.3 through 7.3.2.15 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.10, and 8.1 through 8.1.2.3 is susceptible to a race condition in http-session client-IP binding enforcement which may allow a session to be briefly reused from a new IP address before it is invalidated, potentially enabling unauthorized access under certain network conditions.\u003c/p\u003e"
            }
          ],
          "value": "IBM UCD - IBM UrbanCode Deploy 7.1 through 7.1.2.27, 7.2 through 7.2.3.20, and 7.3 through 7.3.2.15 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.10, and 8.1 through 8.1.2.3 is susceptible to a race condition in http-session client-IP binding enforcement which may allow a session to be briefly reused from a new IP address before it is invalidated, potentially enabling unauthorized access under certain network conditions."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-613",
              "description": "CWE-613 Insufficient Session Expiration",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-15T19:39:21.484Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7254661"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eRemediation/Fixes IBM strongly suggests the following: Upgrade affected versions to any of 7.1.2.28 , 7.2.3.21 , 7.3.2.16 , 8.0.1.11 , 8.1.2.4 , 8.2.0.0 or later\u003c/p\u003e"
            }
          ],
          "value": "Remediation/Fixes IBM strongly suggests the following: Upgrade affected versions to any of 7.1.2.28 , 7.2.3.21 , 7.3.2.16 , 8.0.1.11 , 8.1.2.4 , 8.2.0.0 or later"
        }
      ],
      "title": "IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to an Insufficient Session Expiration vulnerability",
      "x_generator": {
        "engine": "ibm-cvegen"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2025-36360",
    "datePublished": "2025-12-15T19:38:57.832Z",
    "dateReserved": "2025-04-15T21:16:55.331Z",
    "dateUpdated": "2025-12-15T20:30:18.476Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-36162 (GCVE-0-2025-36162)

Vulnerability from cvelistv5 – Published: 2025-09-02 18:52 – Updated: 2025-09-02 19:46
Title
IBM DevOps Deploy / IBM UrbanCode Deploy information disclosure
Summary
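IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) 8.1 before 8.1.2.2 could allow an authenticated user to obtain sensitive information about configuration on the system. (Reader note: the CPE strings listed for this record use the product name urbancode_deploy for the 8.1 line, whereas the NVD records on this page use devops_deploy for 8.x, so CPE-based inventory matching should cover both names.)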
CWE
  • CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
Assigner
ibm
References
Impacted products
Vendor Product Version
IBM UrbanCode Deploy Affected: 8.1 , ≤ 8.1.2.1 (semver)
    cpe:2.3:a:ibm:urbancode_deploy:8.1:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:urbancode_deploy:8.1.2.1:*:*:*:*:*:*:*

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-36162",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-02T19:46:11.802301Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-02T19:46:21.658Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:urbancode_deploy:8.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:urbancode_deploy:8.1.2.1:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "UrbanCode Deploy",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "8.1.2.1",
              "status": "affected",
              "version": "8.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) 8.1 before 8.1.2.2 could allow an authenticated user to obtain sensitive information about configuration on the system."
            }
          ],
          "value": "IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) 8.1 before 8.1.2.2 could allow an authenticated user to obtain sensitive information about configuration on the system."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-497",
              "description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-02T18:52:08.189Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7243830"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM strongly suggests the following:\u003c/p\u003e\u003cp\u003eUpgrade affected versions to: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational\u0026amp;product=ibm/Rational/IBM+DevOps+Deploy\u0026amp;fixids=8.1.2.2-IBM-DevOps-Deploy\u0026amp;downloadMethod=http\"\u003e8.1.2.2\u003c/a\u003e\u0026nbsp;or later\u003c/p\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "IBM strongly suggests the following:\n\nUpgrade affected versions to:  8.1.2.2 https://www.ibm.com/support/fixcentral/swg/downloadFixes \u00a0or later"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM DevOps Deploy / IBM UrbanCode Deploy information disclosure",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2025-36162",
    "datePublished": "2025-09-02T18:52:08.189Z",
    "dateReserved": "2025-04-15T21:16:21.703Z",
    "dateUpdated": "2025-09-02T19:46:21.658Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-1998 (GCVE-0-2025-1998)

Vulnerability from cvelistv5 – Published: 2025-03-27 14:41 – Updated: 2025-09-01 01:01
Title
IBM UrbanCode Deploy (UCD) / IBM DevOps Deploy information disclosure
Summary
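IBM UrbanCode Deploy (UCD) through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 stores potentially sensitive authentication token information in log files that could be read by a local user. Note: the structured version data in this record lists the 7.3 branch as affected through 7.3.2.9 rather than 7.3.2.0 and gives no upper bound for 8.1, so confirm the fixed versions against the vendor advisory before treating an installation as unaffected.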
CWE
  • CWE-532 - Insertion of Sensitive Information into Log File
Assigner
ibm
References
Impacted products
Vendor Product Version
IBM UrbanCode Deploy Affected: 7.1 , ≤ 7.1.2.21 (semver)
Affected: 7.2 , ≤ 7.2.3.14 (semver)
Affected: 7.3 , ≤ 7.3.2.9 (semver)
    cpe:2.3:a:ibm:urbancode_deploy:7.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:urbancode_deploy:7.0.5.25:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:urbancode_deploy:7.1:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:urbancode_deploy:7.1.2.21:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:urbancode_deploy:7.2:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:urbancode_deploy:7.2.3.14:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:urbancode_deploy:7.3:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:urbancode_deploy:7.3.2.9:*:*:*:*:*:*:*
    IBM DevOps Deploy Affected: 8.0 , ≤ 8.0.1.4 (semver)
Affected: 8.1
    cpe:2.3:a:ibm:devops_deploy:8.0.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:devops_deploy:8.0.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:devops_deploy:8.1.0.0:*:*:*:*:*:*:*

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-1998",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-27T15:08:01.432262Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-27T15:08:08.468Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:urbancode_deploy:7.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:urbancode_deploy:7.0.5.25:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:urbancode_deploy:7.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:urbancode_deploy:7.1.2.21:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:urbancode_deploy:7.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:urbancode_deploy:7.2.3.14:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:urbancode_deploy:7.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:urbancode_deploy:7.3.2.9:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "UrbanCode Deploy",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "7.1.2.21",
              "status": "affected",
              "version": "7.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.3.14",
              "status": "affected",
              "version": "7.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.3.2.9",
              "status": "affected",
              "version": "7.3",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:ibm:devops_deploy:8.0.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:devops_deploy:8.0.1.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:devops_deploy:8.1.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "DevOps Deploy",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "8.0.1.4",
              "status": "affected",
              "version": "8.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "8.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM UrbanCode Deploy (UCD) through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003estores potentially sensitive authentication token information in log files that could be read by a local user.\u003c/span\u003e"
            }
          ],
          "value": "IBM UrbanCode Deploy (UCD) through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 \n\nstores potentially sensitive authentication token information in log files that could be read by a local user."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-532",
              "description": "CWE-532 Insertion of Sensitive Information into Log File",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-01T01:01:35.057Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7229034"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM UrbanCode Deploy (UCD) / IBM DevOps Deploy information disclosure",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2025-1998",
    "datePublished": "2025-03-27T14:41:56.148Z",
    "dateReserved": "2025-03-05T16:10:35.455Z",
    "dateUpdated": "2025-09-01T01:01:35.057Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-1997 (GCVE-0-2025-1997)

Vulnerability from cvelistv5 – Published: 2025-03-27 14:39 – Updated: 2025-09-29 18:09
Title
IBM UrbanCode Deploy (UCD) / IBM DevOps Deploy HTML injection
Summary
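IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI, potentially leading to sensitive information disclosure. Note: the structured version data in this record lists the 7.3 branch as affected through 7.3.2.9 rather than 7.3.2.0 and gives no upper bound for 8.1, so confirm the fixed versions against the vendor advisory before treating an installation as unaffected.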
CWE
  • CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Assigner
ibm
References
Impacted products
Vendor Product Version
IBM UrbanCode Deploy Affected: 7.0 , ≤ 7.0.5.25 (semver)
Affected: 7.1 , ≤ 7.1.2.21 (semver)
Affected: 7.2 , ≤ 7.2.3.14 (semver)
Affected: 7.3 , ≤ 7.3.2.9 (semver)
    cpe:2.3:a:ibm:urbancode_deploy:7.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:urbancode_deploy:7.0.5.25:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:urbancode_deploy:7.1:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:urbancode_deploy:7.1.2.21:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:urbancode_deploy:7.2:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:urbancode_deploy:7.2.3.14:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:urbancode_deploy:7.3:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:urbancode_deploy:7.3.2.9:*:*:*:*:*:*:*
    IBM DevOps Deploy Affected: 8.0 , ≤ 8.0.1.4 (semver)
Affected: 8.1
    cpe:2.3:a:ibm:devops_deploy:8.0.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:devops_deploy:8.0.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:devops_deploy:8.1.0.0:*:*:*:*:*:*:*

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-1997",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-27T15:09:37.164834Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-27T15:10:02.286Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:urbancode_deploy:7.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:urbancode_deploy:7.0.5.25:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:urbancode_deploy:7.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:urbancode_deploy:7.1.2.21:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:urbancode_deploy:7.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:urbancode_deploy:7.2.3.14:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:urbancode_deploy:7.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:urbancode_deploy:7.3.2.9:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "UrbanCode Deploy",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "7.0.5.25",
              "status": "affected",
              "version": "7.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.1.2.21",
              "status": "affected",
              "version": "7.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.3.14",
              "status": "affected",
              "version": "7.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.3.2.9",
              "status": "affected",
              "version": "7.3",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:ibm:devops_deploy:8.0.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:devops_deploy:8.0.1.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:devops_deploy:8.1.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "DevOps Deploy",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "8.0.1.4",
              "status": "affected",
              "version": "8.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "8.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eis vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.\u003c/span\u003e"
            }
          ],
          "value": "IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 \n\nis vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-80",
              "description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-29T18:09:14.462Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7229035"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM UrbanCode Deploy (UCD) / IBM DevOps Deploy HTML injection",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2025-1997",
    "datePublished": "2025-03-27T14:39:48.719Z",
    "dateReserved": "2025-03-05T16:10:34.631Z",
    "dateUpdated": "2025-09-29T18:09:14.462Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-56469 (GCVE-0-2024-56469)

Vulnerability from cvelistv5 – Published: 2025-03-27 14:32 – Updated: 2025-09-01 10:14
Title
IBM UrbanCode Deploy (UCD) / IBM DevOps Deploy missing authentication
Summary
IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.22, 7.2 through 7.2.3.15, and 7.3 through 7.3.2.10 / IBM DevOps Deploy 8.0 through 8.0.1.5 and 8.1 through 8.1.0.1 could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service.
CWE
  • CWE-306 - Missing Authentication for Critical Function
Assigner
ibm
References
Impacted products
Vendor Product Version
IBM UrbanCode Deploy Affected: 7.1 , ≤ 7.1.2.22 (semver)
Affected: 7.2 , ≤ 7.2.3.15 (semver)
Affected: 7.3 , ≤ 7.3.2.10 (semver)
    cpe:2.3:a:ibm:urbancode_deploy:7.1:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:urbancode_deploy:7.1.2.22:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:urbancode_deploy:7.2:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:urbancode_deploy:7.2.3.15:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:urbancode_deploy:7.3:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:urbancode_deploy:7.3.2.10:*:*:*:*:*:*:*
    IBM DevOps Deploy Affected: 8.0 , ≤ 8.0.1.5 (semver)
Affected: 8.1 , ≤ 8.1.0.1 (semver)
    cpe:2.3:a:ibm:devops_deploy:8.0.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:devops_deploy:8.0.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:devops_deploy:8.1.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:devops_deploy:8.1.0.1:*:*:*:*:*:*:*

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-56469",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-27T15:09:59.879895Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-27T15:10:02.778Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:urbancode_deploy:7.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:urbancode_deploy:7.1.2.22:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:urbancode_deploy:7.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:urbancode_deploy:7.2.3.15:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:urbancode_deploy:7.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:urbancode_deploy:7.3.2.10:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "UrbanCode Deploy",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "7.1.2.22",
              "status": "affected",
              "version": "7.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.3.15",
              "status": "affected",
              "version": "7.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.3.2.10",
              "status": "affected",
              "version": "7.3",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:ibm:devops_deploy:8.0.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:devops_deploy:8.0.1.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:devops_deploy:8.1.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:devops_deploy:8.1.0.1:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "DevOps Deploy",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "8.0.1.5",
              "status": "affected",
              "version": "8.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.1.0.1",
              "status": "affected",
              "version": "8.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.22, 7.2 through 7.2.3.15, and 7.3 through 7.3.2.10 / IBM DevOps Deploy 8.0 through 8.0.1.5 and 8.1 through 8.1.0.1 could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service."
            }
          ],
          "value": "IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.22, 7.2 through 7.2.3.15, and 7.3 through 7.3.2.10 / IBM DevOps Deploy 8.0 through 8.0.1.5 and 8.1 through 8.1.0.1 could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "CWE-306 Missing Authentication for Critical Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-01T10:14:14.162Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7229031"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM UrbanCode Deploy (UCD) / IBM DevOps Deploy missing authentication",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2024-56469",
    "datePublished": "2025-03-27T14:32:51.723Z",
    "dateReserved": "2024-12-26T12:51:26.633Z",
    "dateUpdated": "2025-09-01T10:14:14.162Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-55904 (GCVE-0-2024-55904)

Vulnerability from cvelistv5 – Published: 2025-02-14 03:23 – Updated: 2025-02-14 14:46
Title
IBM DevOps Deploy / IBM UrbanCode Deploy command injection
Summary
IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 / IBM UrbanCode Deploy 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.9 could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements.
CWE
  • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
ibm
References
Impacted products
Vendor Product Version
IBM UrbanCode Deploy Affected: 7.0 , ≤ 7.0.5.25 (semver)
Affected: 7.1 , ≤ 7.1.2.21 (semver)
Affected: 7.2 , ≤ 7.2.3.14 (semver)
Affected: 7.3 , ≤ 7.3.2.9 (semver)
    IBM DevOps Deploy Affected: 8.0 , ≤ 8.0.1.4 (semver)
Affected: 8.1 , ≤ 8.1.0.0 (semver)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-55904",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-14T14:45:31.224840Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-14T14:46:04.073Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "UrbanCode Deploy",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "7.0.5.25",
              "status": "affected",
              "version": "7.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.1.2.21",
              "status": "affected",
              "version": "7.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.3.14",
              "status": "affected",
              "version": "7.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.3.2.9",
              "status": "affected",
              "version": "7.3",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DevOps Deploy",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "8.0.1.4",
              "status": "affected",
              "version": "8.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.1.0.0",
              "status": "affected",
              "version": "8.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 / IBM UrbanCode Deploy 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.9 could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements."
            }
          ],
          "value": "IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 / IBM UrbanCode Deploy 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.9 could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-14T03:23:49.065Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/7182841"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM DevOps Deploy / IBM UrbanCode Deploy command injection",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2024-55904",
    "datePublished": "2025-02-14T03:23:49.065Z",
    "dateReserved": "2024-12-12T18:07:11.453Z",
    "dateUpdated": "2025-02-14T14:46:04.073Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-54176 (GCVE-0-2024-54176)

Vulnerability from cvelistv5 – Published: 2025-02-08 16:15 – Updated: 2025-02-22 22:12
Title
IBM UrbanCode Deploy missing authentication
Summary
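IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 and IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14 and 7.3 through 7.3.2 could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function. Note: the description is of a missing authorization check reachable by an already authenticated user, while the record's title and CWE classification (CWE-306) say missing authentication; the structured version data also lists the 7.3 branch as affected through 7.3.2.9, so confirm the fixed versions against the vendor advisory.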
CWE
  • CWE-306 - Missing Authentication for Critical Function
Assigner
ibm
References
Impacted products
Vendor Product Version
IBM UrbanCode Deploy Affected: 7.0 , ≤ 7.0.5.25 (semver)
Affected: 7.1 , ≤ 7.1.2.21 (semver)
Affected: 7.2 , ≤ 7.2.3.14 (semver)
Affected: 7.3 , ≤ 7.3.2.9 (semver)
    IBM DevOps Deploy Affected: 8.0 , ≤ 8.0.1.4 (semver)
Affected: 8.1 , ≤ 8.1.0.0 (semver)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-54176",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-10T13:37:45.492103Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-12T20:51:42.046Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "UrbanCode Deploy",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "7.0.5.25",
              "status": "affected",
              "version": "7.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.1.2.21",
              "status": "affected",
              "version": "7.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.3.14",
              "status": "affected",
              "version": "7.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.3.2.9",
              "status": "affected",
              "version": "7.3",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DevOps Deploy",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "8.0.1.4",
              "status": "affected",
              "version": "8.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.1.0.0",
              "status": "affected",
              "version": "8.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 and IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14 and 7.3 through 7.3.2 could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function."
            }
          ],
          "value": "IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 and IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14 and 7.3 through 7.3.2 could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "CWE-306 Missing Authentication for Critical Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-22T22:12:32.094Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/7182840"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM UrbanCode Deploy missing authentication",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2024-54176",
    "datePublished": "2025-02-08T16:15:40.041Z",
    "dateReserved": "2024-11-30T14:47:55.533Z",
    "dateUpdated": "2025-02-22T22:12:32.094Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-51472 (GCVE-0-2024-51472)

Vulnerability from cvelistv5 – Published: 2025-01-06 16:38 – Updated: 2025-08-27 21:33
Title
IBM DevOps Deploy / IBM UrbanCode Deploy HTML injection
Summary
IBM UrbanCode Deploy (UCD) 7.2 through 7.2.3.13, 7.3 through 7.3.2.8, and IBM DevOps Deploy 8.0 through 8.0.1.3 are vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.
CWE
  • CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Assigner
ibm
Impacted products
Vendor Product Version
IBM DevOps Deploy Affected: 8.0 , ≤ 8.0.1.3 (semver)
    cpe:2.3:a:ibm:devops_deploy:8.0.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:devops_deploy:8.0.1.3:*:*:*:*:*:*:*
    IBM UrbanCode Deploy Affected: 7.2 , ≤ 7.2.3.13 (semver)
Affected: 7.3 , ≤ 7.3.2.8 (semver)
    cpe:2.3:a:ibm:urbancode_deploy:7.2:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:urbancode_deploy:7.2.3.13:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:urbancode_deploy:7.3:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:urbancode_deploy:7.3.2.8:*:*:*:*:*:*:*

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 3.1,
              "baseSeverity": "LOW",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-51472",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-06T17:09:43.342273Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-27T21:33:04.984Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:devops_deploy:8.0.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:devops_deploy:8.0.1.3:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "DevOps Deploy",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "8.0.1.3",
              "status": "affected",
              "version": "8.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:ibm:urbancode_deploy:7.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:urbancode_deploy:7.2.3.13:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:urbancode_deploy:7.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:urbancode_deploy:7.3.2.8:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "UrbanCode Deploy",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "7.2.3.13",
              "status": "affected",
              "version": "7.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.3.2.8",
              "status": "affected",
              "version": "7.3",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n IBM UrbanCode Deploy (UCD) 7.2 through 7.2.3.13, 7.3 through 7.3.2.8, and IBM DevOps Deploy 8.0 through 8.0.1.3 are vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.\u003c/span\u003e"
            }
          ],
          "value": "IBM UrbanCode Deploy (UCD) 7.2 through 7.2.3.13, 7.3 through 7.3.2.8, and IBM DevOps Deploy 8.0 through 8.0.1.3 are vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-80",
              "description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-06T16:38:11.973Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "url": "https://www.ibm.com/support/pages/node/7177856"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM DevOps Deploy / IBM UrbanCode Deploy HTML injection",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2024-51472",
    "datePublished": "2025-01-06T16:38:11.973Z",
    "dateReserved": "2024-10-28T10:50:18.700Z",
    "dateUpdated": "2025-08-27T21:33:04.984Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-13489 (GCVE-0-2025-13489)

Vulnerability from nvd – Published: 2025-12-15 19:51 – Updated: 2025-12-26 13:12
Title
IBM DevOps Deploy is susceptible to a Cleartext Transmission of Sensitive Information
Summary
IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 transmits data in clear text, which could allow an attacker to obtain sensitive information using man-in-the-middle techniques.
CWE
  • CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
ibm
References
Impacted products
Vendor Product Version
IBM UCD - IBM DevOps Deploy Affected: 8.1 , ≤ 8.1.2.3 (semver)
    cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1.2.3:*:*:*:*:*:*:*

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-13489",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-15T20:19:51.112738Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-15T20:19:59.521Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1.2.3:*:*:*:*:*:*:*"
          ],
          "product": "UCD - IBM DevOps Deploy",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "8.1.2.3",
              "status": "affected",
              "version": "8.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 IBM DevOps Deploy transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques.\u003c/p\u003e"
            }
          ],
          "value": "IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 IBM DevOps Deploy transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-319",
              "description": "CWE-319 Cleartext Transmission of Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-26T13:12:41.505Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7254662"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eRemediation/Fixes IBM strongly suggests the following: Upgrade affected versions to any of 8.1.2.4 , 8.2.0.0 or later\u003c/p\u003e"
            }
          ],
          "value": "Remediation/Fixes IBM strongly suggests the following: Upgrade affected versions to any of 8.1.2.4 , 8.2.0.0 or later"
        }
      ],
      "title": "IBM DevOps Deploy is susceptible to a Cleartext Transmission of Sensitive Information",
      "x_generator": {
        "engine": "ibm-cvegen"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2025-13489",
    "datePublished": "2025-12-15T19:51:13.534Z",
    "dateReserved": "2025-11-20T20:25:06.479Z",
    "dateUpdated": "2025-12-26T13:12:41.505Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-14148 (GCVE-0-2025-14148)

Vulnerability from nvd – Published: 2025-12-15 19:43 – Updated: 2025-12-15 20:27
Title
IBM DevOps Deploy is susceptible to an Insufficiently Protected Credentials vulnerability
Summary
IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 could allow an authenticated user with LLM integration configuration privileges to recover a previously saved LLM API Token.
CWE
  • CWE-522 - Insufficiently Protected Credentials
Assigner
ibm
References
Impacted products
Vendor Product Version
IBM UCD - IBM DevOps Deploy Affected: 8.1 , ≤ 8.1.2.3 (semver)
    cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1.2.3:*:*:*:*:*:*:*

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-14148",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-15T20:26:24.957891Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-15T20:27:13.721Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1.2.3:*:*:*:*:*:*:*"
          ],
          "product": "UCD - IBM DevOps Deploy",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "8.1.2.3",
              "status": "affected",
              "version": "8.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 could allow an authenticated user with LLM integration configuration privileges to recover a previously saved LLM API Token.\u003c/p\u003e"
            }
          ],
          "value": "IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 could allow an authenticated user with LLM integration configuration privileges to recover a previously saved LLM API Token."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-522",
              "description": "CWE-522 Insufficiently Protected Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-15T19:45:23.132Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7254663"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eRemediation/Fixes IBM strongly suggests the following: Upgrade affected versions to any of 8.1.2.4 , 8.2.0.0 or later\u003c/p\u003e"
            }
          ],
          "value": "Remediation/Fixes IBM strongly suggests the following: Upgrade affected versions to any of 8.1.2.4 , 8.2.0.0 or later"
        }
      ],
      "title": "IBM DevOps Deploy is susceptible to a Insufficiently Protected Credentials vulnerability",
      "x_generator": {
        "engine": "ibm-cvegen"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2025-14148",
    "datePublished": "2025-12-15T19:43:07.880Z",
    "dateReserved": "2025-12-05T19:00:10.655Z",
    "dateUpdated": "2025-12-15T20:27:13.721Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-36360 (GCVE-0-2025-36360)

Vulnerability from nvd – Published: 2025-12-15 19:38 – Updated: 2025-12-15 20:30
Title
IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to an Insufficient Session Expiration vulnerability
Summary
IBM UCD - IBM UrbanCode Deploy 7.1 through 7.1.2.27, 7.2 through 7.2.3.20, and 7.3 through 7.3.2.15 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.10, and 8.1 through 8.1.2.3 is susceptible to a race condition in http-session client-IP binding enforcement which may allow a session to be briefly reused from a new IP address before it is invalidated, potentially enabling unauthorized access under certain network conditions.
CWE
  • CWE-613 - Insufficient Session Expiration
Assigner
ibm
References
Impacted products
Vendor Product Version
IBM UCD - IBM UrbanCode Deploy Affected: 7.1 , ≤ 7.1.2.27 (semver)
Affected: 7.2 , ≤ 7.2.3.20 (semver)
Affected: 7.3 , ≤ 7.3.2.15 (semver)
    cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.1:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.1.2.27:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.2:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.2.3.20:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.3:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.3.2.15:*:*:*:*:*:*:*
    IBM UCD - IBM DevOps Deploy Affected: 8.0 , ≤ 8.0.1.10 (semver)
Affected: 8.1 , ≤ 8.1.2.3 (semver)
    cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.0.1.10:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1.2.3:*:*:*:*:*:*:*

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-36360",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-15T20:30:05.256376Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-15T20:30:18.476Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.1.2.27:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.2.3.20:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.3.2.15:*:*:*:*:*:*:*"
          ],
          "product": "UCD - IBM UrbanCode Deploy",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "7.1.2.27",
              "status": "affected",
              "version": "7.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.3.20",
              "status": "affected",
              "version": "7.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.3.2.15",
              "status": "affected",
              "version": "7.3",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.0.1.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1.2.3:*:*:*:*:*:*:*"
          ],
          "product": "UCD - IBM DevOps Deploy",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "8.0.1.10",
              "status": "affected",
              "version": "8.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.1.2.3",
              "status": "affected",
              "version": "8.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM UCD - IBM UrbanCode Deploy 7.1 through 7.1.2.27, 7.2 through 7.2.3.20, and 7.3 through 7.3.2.15 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.10, and 8.1 through 8.1.2.3 is susceptible to a race condition in http-session client-IP binding enforcement which may allow a session to be briefly reused from a new IP address before it is invalidated, potentially enabling unauthorized access under certain network conditions.\u003c/p\u003e"
            }
          ],
          "value": "IBM UCD - IBM UrbanCode Deploy 7.1 through 7.1.2.27, 7.2 through 7.2.3.20, and 7.3 through 7.3.2.15 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.10, and 8.1 through 8.1.2.3 is susceptible to a race condition in http-session client-IP binding enforcement which may allow a session to be briefly reused from a new IP address before it is invalidated, potentially enabling unauthorized access under certain network conditions."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-613",
              "description": "CWE-613 Insufficient Session Expiration",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-15T19:39:21.484Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7254661"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eRemediation/Fixes IBM strongly suggests the following: Upgrade affected versions to any of 7.1.2.28 , 7.2.3.21 , 7.3.2.16 , 8.0.1.11 , 8.1.2.4 , 8.2.0.0 or later\u003c/p\u003e"
            }
          ],
          "value": "Remediation/Fixes IBM strongly suggests the following: Upgrade affected versions to any of 7.1.2.28 , 7.2.3.21 , 7.3.2.16 , 8.0.1.11 , 8.1.2.4 , 8.2.0.0 or later"
        }
      ],
      "title": "IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to an Insufficient Session Expiration vulnerability",
      "x_generator": {
        "engine": "ibm-cvegen"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2025-36360",
    "datePublished": "2025-12-15T19:38:57.832Z",
    "dateReserved": "2025-04-15T21:16:55.331Z",
    "dateUpdated": "2025-12-15T20:30:18.476Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-36162 (GCVE-0-2025-36162)

Vulnerability from nvd – Published: 2025-09-02 18:52 – Updated: 2025-09-02 19:46
Title
IBM DevOps Deploy / IBM UrbanCode Deploy information disclosure
Summary
IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) 8.1 before 8.1.2.2 could allow an authenticated user to obtain sensitive information about configuration on the system.
CWE
  • CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
Assigner
ibm
References
Impacted products
Vendor Product Version
IBM UrbanCode Deploy Affected: 8.1 , ≤ 8.1.2.1 (semver)
    cpe:2.3:a:ibm:urbancode_deploy:8.1:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:urbancode_deploy:8.1.2.1:*:*:*:*:*:*:*

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-36162",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-02T19:46:11.802301Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-02T19:46:21.658Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:urbancode_deploy:8.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:urbancode_deploy:8.1.2.1:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "UrbanCode Deploy",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "8.1.2.1",
              "status": "affected",
              "version": "8.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) 8.1 before 8.1.2.2 could allow an authenticated user to obtain sensitive information about configuration on the system."
            }
          ],
          "value": "IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) 8.1 before 8.1.2.2 could allow an authenticated user to obtain sensitive information about configuration on the system."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-497",
              "description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-02T18:52:08.189Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7243830"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM strongly suggests the following:\u003c/p\u003e\u003cp\u003eUpgrade affected versions to: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational\u0026amp;product=ibm/Rational/IBM+DevOps+Deploy\u0026amp;fixids=8.1.2.2-IBM-DevOps-Deploy\u0026amp;downloadMethod=http\"\u003e8.1.2.2\u003c/a\u003e\u0026nbsp;or later\u003c/p\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "IBM strongly suggests the following:\n\nUpgrade affected versions to:  8.1.2.2 https://www.ibm.com/support/fixcentral/swg/downloadFixes \u00a0or later"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM DevOps Deploy / IBM UrbanCode Deploy information disclosure",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2025-36162",
    "datePublished": "2025-09-02T18:52:08.189Z",
    "dateReserved": "2025-04-15T21:16:21.703Z",
    "dateUpdated": "2025-09-02T19:46:21.658Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-1998 (GCVE-0-2025-1998)

Vulnerability from nvd – Published: 2025-03-27 14:41 – Updated: 2025-09-01 01:01
Title
IBM UrbanCode Deploy (UCD) / IBM DevOps Deploy information disclosure
Summary
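IBM UrbanCode Deploy (UCD) through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 stores potentially sensitive authentication token information in log files that could be read by a local user. (Note: the structured version data for this record lists the 7.3 line as affected through 7.3.2.9, not 7.3.2.0, and its CPE list also names 7.0 and 7.0.5.25; when scoping exposure, use the broader range until confirmed against the vendor advisory.)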
CWE
  • CWE-532 - Insertion of Sensitive Information into Log File
Assigner
ibm
References
Impacted products
Vendor Product Version
IBM UrbanCode Deploy Affected: 7.1 , ≤ 7.1.2.21 (semver)
Affected: 7.2 , ≤ 7.2.3.14 (semver)
Affected: 7.3 , ≤ 7.3.2.9 (semver)
    cpe:2.3:a:ibm:urbancode_deploy:7.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:urbancode_deploy:7.0.5.25:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:urbancode_deploy:7.1:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:urbancode_deploy:7.1.2.21:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:urbancode_deploy:7.2:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:urbancode_deploy:7.2.3.14:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:urbancode_deploy:7.3:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:urbancode_deploy:7.3.2.9:*:*:*:*:*:*:*
    IBM DevOps Deploy Affected: 8.0 , ≤ 8.0.1.4 (semver)
Affected: 8.1
    cpe:2.3:a:ibm:devops_deploy:8.0.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:devops_deploy:8.0.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:devops_deploy:8.1.0.0:*:*:*:*:*:*:*

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-1998",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-27T15:08:01.432262Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-27T15:08:08.468Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:urbancode_deploy:7.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:urbancode_deploy:7.0.5.25:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:urbancode_deploy:7.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:urbancode_deploy:7.1.2.21:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:urbancode_deploy:7.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:urbancode_deploy:7.2.3.14:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:urbancode_deploy:7.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:urbancode_deploy:7.3.2.9:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "UrbanCode Deploy",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "7.1.2.21",
              "status": "affected",
              "version": "7.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.3.14",
              "status": "affected",
              "version": "7.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.3.2.9",
              "status": "affected",
              "version": "7.3",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:ibm:devops_deploy:8.0.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:devops_deploy:8.0.1.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:devops_deploy:8.1.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "DevOps Deploy",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "8.0.1.4",
              "status": "affected",
              "version": "8.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "8.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM UrbanCode Deploy (UCD) through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003estores potentially sensitive authentication token information in log files that could be read by a local user.\u003c/span\u003e"
            }
          ],
          "value": "IBM UrbanCode Deploy (UCD) through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 \n\nstores potentially sensitive authentication token information in log files that could be read by a local user."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-532",
              "description": "CWE-532 Insertion of Sensitive Information into Log File",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-01T01:01:35.057Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7229034"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM UrbanCode Deploy (UCD) / IBM DevOps Deploy information disclosure",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2025-1998",
    "datePublished": "2025-03-27T14:41:56.148Z",
    "dateReserved": "2025-03-05T16:10:35.455Z",
    "dateUpdated": "2025-09-01T01:01:35.057Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-1997 (GCVE-0-2025-1997)

Vulnerability from nvd – Published: 2025-03-27 14:39 – Updated: 2025-09-29 18:09
Title
IBM UrbanCode Deploy (UCD) / IBM DevOps Deploy HTML injection
Summary
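IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI, potentially leading to sensitive information disclosure. (Note: the structured version data for this record lists the 7.3 line as affected through 7.3.2.9, not 7.3.2.0; when scoping exposure, use the broader range until confirmed against the vendor advisory.)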
CWE
  • CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Assigner
ibm
References
Impacted products
Vendor Product Version
IBM UrbanCode Deploy Affected: 7.0 , ≤ 7.0.5.25 (semver)
Affected: 7.1 , ≤ 7.1.2.21 (semver)
Affected: 7.2 , ≤ 7.2.3.14 (semver)
Affected: 7.3 , ≤ 7.3.2.9 (semver)
    cpe:2.3:a:ibm:urbancode_deploy:7.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:urbancode_deploy:7.0.5.25:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:urbancode_deploy:7.1:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:urbancode_deploy:7.1.2.21:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:urbancode_deploy:7.2:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:urbancode_deploy:7.2.3.14:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:urbancode_deploy:7.3:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:urbancode_deploy:7.3.2.9:*:*:*:*:*:*:*
    IBM DevOps Deploy Affected: 8.0 , ≤ 8.0.1.4 (semver)
Affected: 8.1
    cpe:2.3:a:ibm:devops_deploy:8.0.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:devops_deploy:8.0.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:devops_deploy:8.1.0.0:*:*:*:*:*:*:*

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-1997",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-27T15:09:37.164834Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-27T15:10:02.286Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:urbancode_deploy:7.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:urbancode_deploy:7.0.5.25:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:urbancode_deploy:7.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:urbancode_deploy:7.1.2.21:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:urbancode_deploy:7.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:urbancode_deploy:7.2.3.14:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:urbancode_deploy:7.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:urbancode_deploy:7.3.2.9:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "UrbanCode Deploy",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "7.0.5.25",
              "status": "affected",
              "version": "7.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.1.2.21",
              "status": "affected",
              "version": "7.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.3.14",
              "status": "affected",
              "version": "7.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.3.2.9",
              "status": "affected",
              "version": "7.3",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:ibm:devops_deploy:8.0.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:devops_deploy:8.0.1.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:devops_deploy:8.1.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "DevOps Deploy",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "8.0.1.4",
              "status": "affected",
              "version": "8.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "8.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eis vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.\u003c/span\u003e"
            }
          ],
          "value": "IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 \n\nis vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-80",
              "description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-29T18:09:14.462Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7229035"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM UrbanCode Deploy (UCD) / IBM DevOps Deploy HTML injection",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2025-1997",
    "datePublished": "2025-03-27T14:39:48.719Z",
    "dateReserved": "2025-03-05T16:10:34.631Z",
    "dateUpdated": "2025-09-29T18:09:14.462Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-56469 (GCVE-0-2024-56469)

Vulnerability from nvd – Published: 2025-03-27 14:32 – Updated: 2025-09-01 10:14
Title
IBM UrbanCode Deploy (UCD) / IBM DevOps Deploy missing authentication
Summary
IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.22, 7.2 through 7.2.3.15, and 7.3 through 7.3.2.10 / IBM DevOps Deploy 8.0 through 8.0.1.5 and 8.1 through 8.1.0.1 could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service.
CWE
  • CWE-306 - Missing Authentication for Critical Function
Assigner
ibm
References
Impacted products
Vendor Product Version
IBM UrbanCode Deploy Affected: 7.1 , ≤ 7.1.2.22 (semver)
Affected: 7.2 , ≤ 7.2.3.15 (semver)
Affected: 7.3 , ≤ 7.3.2.10 (semver)
    cpe:2.3:a:ibm:urbancode_deploy:7.1:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:urbancode_deploy:7.1.2.22:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:urbancode_deploy:7.2:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:urbancode_deploy:7.2.3.15:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:urbancode_deploy:7.3:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:urbancode_deploy:7.3.2.10:*:*:*:*:*:*:*
    IBM DevOps Deploy Affected: 8.0 , ≤ 8.0.1.5 (semver)
Affected: 8.1 , ≤ 8.1.0.1 (semver)
    cpe:2.3:a:ibm:devops_deploy:8.0.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:devops_deploy:8.0.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:devops_deploy:8.1.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:devops_deploy:8.1.0.1:*:*:*:*:*:*:*

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-56469",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-27T15:09:59.879895Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-27T15:10:02.778Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:urbancode_deploy:7.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:urbancode_deploy:7.1.2.22:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:urbancode_deploy:7.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:urbancode_deploy:7.2.3.15:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:urbancode_deploy:7.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:urbancode_deploy:7.3.2.10:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "UrbanCode Deploy",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "7.1.2.22",
              "status": "affected",
              "version": "7.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.3.15",
              "status": "affected",
              "version": "7.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.3.2.10",
              "status": "affected",
              "version": "7.3",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:ibm:devops_deploy:8.0.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:devops_deploy:8.0.1.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:devops_deploy:8.1.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:devops_deploy:8.1.0.1:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "DevOps Deploy",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "8.0.1.5",
              "status": "affected",
              "version": "8.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.1.0.1",
              "status": "affected",
              "version": "8.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.22, 7.2 through 7.2.3.15, and 7.3 through 7.3.2.10 / IBM DevOps Deploy 8.0 through 8.0.1.5 and 8.1 through 8.1.0.1 could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service."
            }
          ],
          "value": "IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.22, 7.2 through 7.2.3.15, and 7.3 through 7.3.2.10 / IBM DevOps Deploy 8.0 through 8.0.1.5 and 8.1 through 8.1.0.1 could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "CWE-306 Missing Authentication for Critical Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-01T10:14:14.162Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7229031"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM UrbanCode Deploy (UCD) / IBM DevOps Deploy missing authentication",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2024-56469",
    "datePublished": "2025-03-27T14:32:51.723Z",
    "dateReserved": "2024-12-26T12:51:26.633Z",
    "dateUpdated": "2025-09-01T10:14:14.162Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-55904 (GCVE-0-2024-55904)

Vulnerability from nvd – Published: 2025-02-14 03:23 – Updated: 2025-02-14 14:46
Title
IBM DevOps Deploy / IBM UrbanCode Deploy command injection
Summary
IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 / IBM UrbanCode Deploy 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.9 could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements.
CWE
  • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
ibm
References
Impacted products
Vendor Product Version
IBM UrbanCode Deploy Affected: 7.0 , ≤ 7.0.5.25 (semver)
Affected: 7.1 , ≤ 7.1.2.21 (semver)
Affected: 7.2 , ≤ 7.2.3.14 (semver)
Affected: 7.3 , ≤ 7.3.2.9 (semver)
    IBM DevOps Deploy Affected: 8.0 , ≤ 8.0.1.4 (semver)
Affected: 8.1 , ≤ 8.1.0.0 (semver)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-55904",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-14T14:45:31.224840Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-14T14:46:04.073Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "UrbanCode Deploy",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "7.0.5.25",
              "status": "affected",
              "version": "7.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.1.2.21",
              "status": "affected",
              "version": "7.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.3.14",
              "status": "affected",
              "version": "7.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.3.2.9",
              "status": "affected",
              "version": "7.3",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DevOps Deploy",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "8.0.1.4",
              "status": "affected",
              "version": "8.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.1.0.0",
              "status": "affected",
              "version": "8.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 / IBM UrbanCode Deploy 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.9 could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements."
            }
          ],
          "value": "IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 / IBM UrbanCode Deploy 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.9 could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-14T03:23:49.065Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/7182841"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM DevOps Deploy / IBM UrbanCode Deploy command injection",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2024-55904",
    "datePublished": "2025-02-14T03:23:49.065Z",
    "dateReserved": "2024-12-12T18:07:11.453Z",
    "dateUpdated": "2025-02-14T14:46:04.073Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-54176 (GCVE-0-2024-54176)

Vulnerability from nvd – Published: 2025-02-08 16:15 – Updated: 2025-02-22 22:12
Title
IBM UrbanCode Deploy missing authentication
Summary
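IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 and IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14 and 7.3 through 7.3.2 could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function. (Note: the record's title and CWE-306 classify this as missing authentication, whereas the description attributes it to a missing authorization check on a function reachable by an already authenticated user; the version table for this record lists the 7.3 line as affected through 7.3.2.9.)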
CWE
  • CWE-306 - Missing Authentication for Critical Function
Assigner
ibm
References
Impacted products
Vendor Product Version
IBM UrbanCode Deploy Affected: 7.0 , ≤ 7.0.5.25 (semver)
Affected: 7.1 , ≤ 7.1.2.21 (semver)
Affected: 7.2 , ≤ 7.2.3.14 (semver)
Affected: 7.3 , ≤ 7.3.2.9 (semver)
    IBM DevOps Deploy Affected: 8.0 , ≤ 8.0.1.4 (semver)
Affected: 8.1 , ≤ 8.1.0.0 (semver)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-54176",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-10T13:37:45.492103Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-12T20:51:42.046Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "UrbanCode Deploy",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "7.0.5.25",
              "status": "affected",
              "version": "7.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.1.2.21",
              "status": "affected",
              "version": "7.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.3.14",
              "status": "affected",
              "version": "7.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.3.2.9",
              "status": "affected",
              "version": "7.3",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DevOps Deploy",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "8.0.1.4",
              "status": "affected",
              "version": "8.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.1.0.0",
              "status": "affected",
              "version": "8.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 and IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14 and 7.3 through 7.3.2 could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function."
            }
          ],
          "value": "IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 and IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14 and 7.3 through 7.3.2 could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "CWE-306 Missing Authentication for Critical Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-22T22:12:32.094Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/7182840"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM UrbanCode Deploy missing authentication",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2024-54176",
    "datePublished": "2025-02-08T16:15:40.041Z",
    "dateReserved": "2024-11-30T14:47:55.533Z",
    "dateUpdated": "2025-02-22T22:12:32.094Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-51472 (GCVE-0-2024-51472)

Vulnerability from nvd – Published: 2025-01-06 16:38 – Updated: 2025-08-27 21:33
Title
IBM DevOps Deploy / IBM UrbanCode Deploy HTML injection
Summary
IBM UrbanCode Deploy (UCD) 7.2 through 7.2.3.13, 7.3 through 7.3.2.8, and IBM DevOps Deploy 8.0 through 8.0.1.3 are vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.
CWE
  • CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Assigner
ibm
Impacted products
Vendor Product Version
IBM DevOps Deploy Affected: 8.0 , ≤ 8.0.1.3 (semver)
    cpe:2.3:a:ibm:devops_deploy:8.0.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:devops_deploy:8.0.1.3:*:*:*:*:*:*:*
    IBM UrbanCode Deploy Affected: 7.2 , ≤ 7.2.3.13 (semver)
Affected: 7.3 , ≤ 7.3.2.8 (semver)
    cpe:2.3:a:ibm:urbancode_deploy:7.2:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:urbancode_deploy:7.2.3.13:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:urbancode_deploy:7.3:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:urbancode_deploy:7.3.2.8:*:*:*:*:*:*:*

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 3.1,
              "baseSeverity": "LOW",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-51472",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-06T17:09:43.342273Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-27T21:33:04.984Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:devops_deploy:8.0.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:devops_deploy:8.0.1.3:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "DevOps Deploy",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "8.0.1.3",
              "status": "affected",
              "version": "8.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:ibm:urbancode_deploy:7.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:urbancode_deploy:7.2.3.13:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:urbancode_deploy:7.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:urbancode_deploy:7.3.2.8:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "UrbanCode Deploy",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "7.2.3.13",
              "status": "affected",
              "version": "7.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.3.2.8",
              "status": "affected",
              "version": "7.3",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n IBM UrbanCode Deploy (UCD) 7.2 through 7.2.3.13, 7.3 through 7.3.2.8, and IBM DevOps Deploy 8.0 through 8.0.1.3 are vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.\u003c/span\u003e"
            }
          ],
          "value": "IBM UrbanCode Deploy (UCD) 7.2 through 7.2.3.13, 7.3 through 7.3.2.8, and IBM DevOps Deploy 8.0 through 8.0.1.3 are vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-80",
              "description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-06T16:38:11.973Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "url": "https://www.ibm.com/support/pages/node/7177856"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM DevOps Deploy / IBM UrbanCode Deploy HTML injection",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2024-51472",
    "datePublished": "2025-01-06T16:38:11.973Z",
    "dateReserved": "2024-10-28T10:50:18.700Z",
    "dateUpdated": "2025-08-27T21:33:04.984Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}