Lucene search
K
IbmDevops Deploy

19 matches found

CVE
CVE
added 2025/02/14 3:23 a.m.86 views

CVE-2024-55904

CVE-2024-55904 affects IBM UrbanCode Deploy (UCD) versions 7.0–7.0.5.25, 7.1–7.1.2.21, 7.2–7.2.3.14, 7.3–7.3.2.9 and IBM DevOps Deploy versions 8.0–8.0.1.4, 8.1–8.1.0.0. The vulnerability is a remote, authenticated command injection (CWE-78) allowing an attacker to execute arbitrary commands on t...

7.2CVSS7.2AI score0.00624EPSS
CVE
CVE
added 2024/05/10 3:49 p.m.74 views

CVE-2024-28781

The CVE-2024-28781 entry covers Cross‑Site Scripting in IBM UrbanCode Deploy (UCD). Affected versions are 7.0–7.0.5.20, 7.1–7.1.2.16, 7.2–7.2.3.9, 7.3–7.3.2.4, and 8.0–8.0.0.1, where arbitrary JavaScript can be embedded in the Web UI, potentially altering functionality and exposing credentials wi...

5.4CVSS6AI score0.00276EPSS
CVE
CVE
added 2024/04/12 4:41 p.m.70 views

CVE-2024-22334

Summary : CVE-2024-22334 affects IBM UrbanCode Deploy (UCD) and IBM DevOps Deploy, with an incomplete revocation of permissions when deleting a custom security resource type. The issue can cause associated permissions of objects using that type to remain or be misreported, leading to inaccurate p...

4.4CVSS4.6AI score0.00436EPSS
CVE
CVE
added 2025/03/27 2:32 p.m.68 views

CVE-2024-56469

IBM UrbanCode Deploy (UCD) and IBM DevOps Deploy are affected by a missing authentication issue in the Agent Relay service that could allow unauthorized access to other services or exposure of sensitive data. Affected versions include UCD 7.1–7.1.2.22, 7.2–7.2.3.15, 7.3–7.3.2.10 and DevOps Deploy...

6.3CVSS6.8AI score0.00246EPSS
CVE
CVE
added 2024/02/06 4:15 p.m.66 views

CVE-2024-22331

CVE-2024-22331 affects IBM UrbanCode Deploy (UCD) and IBM DevOps Deploy. The issue could disclose sensitive user information when installing the Windows agent as a service, impacting UCD versions: 7.0–7.0.5.19, 7.1–7.1.2.15, 7.2–7.2.3.8, 7.3–7.3.2.3, and DevOps Deploy 8.0.0.0. Root cause is infor...

6.2CVSS5.2AI score0.00188EPSS
CVE
CVE
added 2024/04/12 4:53 p.m.65 views

CVE-2024-22358

IBM UrbanCode Deploy (UCD) and IBM DevOps Deploy are affected by CVE-2024-22358: upon logout, sessions are not invalidated, allowing an authenticated user to impersonate another user. Affected versions include UCD 7.0–7.0.5.20, 7.1–7.1.2.16, 7.2–7.2.3.9, 7.3–7.3.2.4 and DevOps Deploy 8.0–8.0.0.1....

8.8CVSS6.2AI score0.00411EPSS
CVE
CVE
added 2024/04/12 4:20 p.m.65 views

CVE-2024-22359

CVE-2024-22359 affects IBM UrbanCode Deploy (UCD) and IBM DevOps Deploy. A cross-site scripting vulnerability exists in the Web UI that can allow embedding arbitrary JavaScript to alter functionality and potentially disclose credentials within a trusted session. Affected versions are UCD 7.0–7.0....

6.1CVSS6AI score0.0037EPSS
CVE
CVE
added 2025/03/27 2:41 p.m.65 views

CVE-2025-1998

CVE-2025-1998 affects IBM UrbanCode Deploy (UCD) and IBM DevOps Deploy. The vulnerability stems from storing potentially sensitive authentication token information in log files, which could be read by a local user. Affected product versions include UCD 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, ...

5.5CVSS6.3AI score0.00163EPSS
CVE
CVE
added 2025/01/06 4:38 p.m.60 views

CVE-2024-51472

CVE-2024-51472 affects IBM UrbanCode Deploy (UCD) versions 7.2 (up to 7.2.3.13), 7.3 (up to 7.3.2.8), and IBM DevOps Deploy 8.0–8.0.1.3. The issue is HTML injection in the Web UI that may disclose sensitive information. Remediation is to upgrade to one of: 7.2.3.14, 7.3.2.9, 8.0.1.4, or 8.1.0.0 o...

3.1CVSS3.8AI score0.00244EPSS
CVE
CVE
added 2025/03/27 2:39 p.m.60 views

CVE-2025-1997

IBM UrbanCode Deploy (UCD) and IBM DevOps Deploy contain an HTML injection vulnerability (CVE-2025-1997) in the Web UI. Affected versions include UCD 7.0–7.0.5.25, 7.1–7.1.2.21, 7.2–7.2.3.14, 7.3–7.3.2.0, and DevOps Deploy 8.0–8.0.1.4 and 8.1–8.1. The issue may allow embedding arbitrary HTML tags...

5.4CVSS6AI score0.00259EPSS
CVE
CVE
added 2024/04/12 4:51 p.m.59 views

CVE-2024-22339

CVE-2024-22339 affects IBM UrbanCode Deploy (UCD) and IBM DevOps Deploy, with the root cause being insufficient obfuscation of sensitive values in some log files, leading to potential sensitive information disclosure. Affected products and versions include: UCD 7.0–7.0.5.20, 7.1–7.1.2.16, 7.2–7.2...

4.3CVSS5.9AI score0.00443EPSS
CVE
CVE
added 2025/02/08 4:15 p.m.59 views

CVE-2024-54176

CVE-2024-54176 affects IBM UrbanCode Deploy (UCD) and IBM DevOps Deploy. The vulnerability arises from missing authorization for a function, enabling an authenticated user to obtain sensitive information about other users on the system (CWE-306). Affected are UCD versions 7.0–7.0.5.25, 7.1–7.1.2....

6.5CVSS6AI score0.00256EPSS
CVE
CVE
added last week26 views

CVE-2026-12086

CVE-2026-12086 affects IBM UrbanCode Deploy (UCD) and IBM DevOps Deploy (IDD): versions 7.2 (up to 7.2.3.23), 7.3 (up to 7.3.2.18), 8.0 (up to 8.0.1.13), 8.1 (up to 8.1.2.6), and 8.2 (up to 8.2.1.0) store potentially sensitive information in log files readable by local users. Root cause is insert...

6.2CVSS5.8AI score0.00101EPSS
CVE
CVE
added 2025/09/02 6:52 p.m.18 views

CVE-2025-36162

CVE-2025-36162 affects IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) 8.1.x before 8.1.2.2. An authenticated user could obtain sensitive information about the system configuration. Affected versions include 8.1 through 8.1.2.1. The vulnerability is categorized as exposure of sensitive system info...

4.3CVSS5.7AI score0.00214EPSS
CVE
CVE
added 2025/12/15 7:38 p.m.15 views

CVE-2025-36360

IBM UrbanCode Deploy (UCD) and IBM DevOps Deploy are affected by a race condition in http-session client-IP binding enforcement that may allow a session to be briefly reused from a new IP before invalidation, potentially enabling unauthorized access under certain network conditions. Affected vers...

5CVSS6.2AI score0.00159EPSS
CVE
CVE
added last week14 views

CVE-2026-12085

IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) are affected by CVE-2026-12085, which allows authenticated users to view sensitive configurations and secrets in API responses. Affected versions include UCD 7.3 through 7.3.2.18 and IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8....

6.5CVSS5.7AI score0.00234EPSS
CVE
CVE
added 2025/12/15 7:51 p.m.13 views

CVE-2025-13489

Affected product / component: IBM DevOps Deploy (UCD) versions 8.1 through 8.1.2.3. Root cause / vulnerability detail: Transmits data in clear text, enabling a potential man‑in‑the‑middle to obtain sensitive information. Impact (as stated): Confidentiality impact HIGH; no impact to integrity or a...

5.9CVSS5.9AI score0.00161EPSS
CVE
CVE
added 2025/12/15 7:43 p.m.13 views

CVE-2025-14148

CVE-2025-14148 affects IBM UCD - IBM DevOps Deploy versions 8.1 through 8.1.2.3. An authenticated user with LLM integration configuration privileges can recover a previously saved LLM API Token, exposing credentials. Root cause identified as insufficiently protected credentials (CWE-522). CVSSv3....

6.5CVSS6.1AI score0.00253EPSS
CVE
CVE
added last week11 views

CVE-2026-12084

IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is affected by CVE-2026-12084 due to a permissive Cross-Domain Security Policy with untrusted domains in UCD versions 8.1–8.1.2.6 and 8.2–8.2.1.0. This CORS misconfiguration could allow an attacker to perform privileged actions and retrieve sensitive...

7.5CVSS5.8AI score0.00162EPSS