Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is affected by a Request Smuggling Vulnerability in Netty (CVE-2025-67735)

Summary Netty is used by IBM DevOps Deploy / IBM UrbanCode Deploy UCD as part of the agent-server and server-server inter-communication services. CVE-2025-67735 Vulnerability Details CVEID:CVE-2025-67735 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In version...

PT-2026-3742

Summary The getSecretKey template function, while introduced for senhasegura Devops Secrets Management DSM provider, has the ability to fetch secrets cross-namespaces with the roleBinding of the external-secrets controller, bypassing our security mechanisms. This function was completely removed, ...

CVE-2023-25722

A credential-leak issue was discovered in related Veracode products before 2023-03-27. Veracode Scan Jenkins Plugin before 23.3.19.0, when configured for remote agent jobs, invokes the Veracode Java API Wrapper in a manner that allows local users with OS-level access of the Jenkins remote to...

CVE-2025-62327

In HCL DevOps Deploy 8.1.2.0 through 8.1.2.3, a user with LLM configuration privileges may be able to recover a credential previously saved for performing authenticated LLM Queries...

CVE-2025-62327

In HCL DevOps Deploy 8.1.2.0 through 8.1.2.3, a user with LLM configuration privileges may be able to recover a credential previously saved for performing authenticated LLM Queries...

CVE-2025-62327

In HCL DevOps Deploy 8.1.2.0 through 8.1.2.3, a user with LLM configuration privileges may be able to recover a credential previously saved for performing authenticated LLM Queries...

CVE-2025-62327 HCL DevOps Deploy is susceptible to insufficiently protected credentials

In HCL DevOps Deploy 8.1.2.0 through 8.1.2.3, a user with LLM configuration privileges may be able to recover a credential previously saved for performing authenticated LLM Queries...

CVE-2025-62327

The CVE-2025-62327 affects HCL DevOps Deploy versions 8.1.2.0 through 8.1.2.3. A user with LLM configuration privileges may recover credentials saved for performing authenticated LLM Queries, indicating improper access control around LLM credentials. Root cause described across sources is insuffi...

CVE-2025-62327 HCL DevOps Deploy is susceptible to insufficiently protected credentials

In HCL DevOps Deploy 8.1.2.0 through 8.1.2.3, a user with LLM configuration privileges may be able to recover a credential previously saved for performing authenticated LLM Queries...

CVE-2019-16574

A missing permission check in Jenkins Alauda DevOps Pipeline Plugin 2.3.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVE-2019-16573

A cross-site request forgery vulnerability in Jenkins Alauda DevOps Pipeline Plugin 2.3.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

PT-2026-1838

Name of the Vulnerable Software and Affected Versions HCL DevOps Deploy versions 8.1.2.0 through 8.1.2.3 Description A user possessing LLM configuration privileges may be able to recover credentials previously saved for authenticated LLM Queries. Recommendations Update HCL DevOps Deploy to a...

Security Bulletin: Rational Performance Tester contains a vulnerability which could lead to potential remote code execution

Summary Due to the use of the Apache Xalan Java XLST library, Rational Performance Tester contains a vulnerability that could lead to potential remote code execution. Vulnerability Details CVEID:CVE-2022-34169 DESCRIPTION: The Apache Xalan Java XSLT library could allow a remote attacker to execut...

Security Bulletin: Rational Performance Tester contains a vulnerability which could affect its use of the JavaScript HTTP client Axios

Summary Due to the use of the JavaScript HTTP client Axios, Rational Performance Tester contains a vulnerability which can result in a potential dential of service attack. Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Whe...

Security Bulletin: Rational Performance Tester contains a vulnerability related to use of the Netty framework

Summary Due to the use of Netty, Rational Performance Tester contains a vulnerability which could result in an Out of Memory OOM condition. CVE-2025-58057 Vulnerability Details CVEID:CVE-2025-58057 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid...

DevOps and Cybersecurity: Building a New Line of Defense Against Digital Threats

Learn how DevOps and DevSecOps strengthen cybersecurity through automation, CI/CD, and secure DevOps development services...

HCL Launch和HCL DevOps Deploy 安全漏洞

HCL Launch and HCL DevOps Deploy are both products of HCL India.HCL Launch is a multi-functional, enterprise-grade continuous delivery automation software. Used to handle the most complex deployment processes in DevOps.HCL DevOps Deploy is an application. Can be mapped to your organizational...

CVE-2025-13489

IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 IBM DevOps Deploy transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques...

CVE-2025-14148

IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 could allow an authenticated user with LLM integration configuration privileges to recover a previously saved LLM API Token...

CVE-2025-36360

IBM UCD - IBM UrbanCode Deploy 7.1 through 7.1.2.27, 7.2 through 7.2.3.20, and 7.3 through 7.3.2.15 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.10, and 8.1 through 8.1.2.3 is susceptible to a race condition in http-session client-IP binding enforcement which may allow a session to be briefl...