19 matches found
CVE-2024-55904
CVE-2024-55904 affects IBM UrbanCode Deploy (UCD) versions 7.0–7.0.5.25, 7.1–7.1.2.21, 7.2–7.2.3.14, 7.3–7.3.2.9 and IBM DevOps Deploy versions 8.0–8.0.1.4, 8.1–8.1.0.0. The vulnerability is a remote, authenticated command injection (CWE-78) allowing an attacker to execute arbitrary commands on t...
CVE-2024-28781
The CVE-2024-28781 entry covers Cross‑Site Scripting in IBM UrbanCode Deploy (UCD). Affected versions are 7.0–7.0.5.20, 7.1–7.1.2.16, 7.2–7.2.3.9, 7.3–7.3.2.4, and 8.0–8.0.0.1, where arbitrary JavaScript can be embedded in the Web UI, potentially altering functionality and exposing credentials wi...
CVE-2024-22334
Summary : CVE-2024-22334 affects IBM UrbanCode Deploy (UCD) and IBM DevOps Deploy, with an incomplete revocation of permissions when deleting a custom security resource type. The issue can cause associated permissions of objects using that type to remain or be misreported, leading to inaccurate p...
CVE-2024-56469
IBM UrbanCode Deploy (UCD) and IBM DevOps Deploy are affected by a missing authentication issue in the Agent Relay service that could allow unauthorized access to other services or exposure of sensitive data. Affected versions include UCD 7.1–7.1.2.22, 7.2–7.2.3.15, 7.3–7.3.2.10 and DevOps Deploy...
CVE-2024-22331
CVE-2024-22331 affects IBM UrbanCode Deploy (UCD) and IBM DevOps Deploy. The issue could disclose sensitive user information when installing the Windows agent as a service, impacting UCD versions: 7.0–7.0.5.19, 7.1–7.1.2.15, 7.2–7.2.3.8, 7.3–7.3.2.3, and DevOps Deploy 8.0.0.0. Root cause is infor...
CVE-2024-22358
IBM UrbanCode Deploy (UCD) and IBM DevOps Deploy are affected by CVE-2024-22358: upon logout, sessions are not invalidated, allowing an authenticated user to impersonate another user. Affected versions include UCD 7.0–7.0.5.20, 7.1–7.1.2.16, 7.2–7.2.3.9, 7.3–7.3.2.4 and DevOps Deploy 8.0–8.0.0.1....
CVE-2024-22359
CVE-2024-22359 affects IBM UrbanCode Deploy (UCD) and IBM DevOps Deploy. A cross-site scripting vulnerability exists in the Web UI that can allow embedding arbitrary JavaScript to alter functionality and potentially disclose credentials within a trusted session. Affected versions are UCD 7.0–7.0....
CVE-2025-1998
CVE-2025-1998 affects IBM UrbanCode Deploy (UCD) and IBM DevOps Deploy. The vulnerability stems from storing potentially sensitive authentication token information in log files, which could be read by a local user. Affected product versions include UCD 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, ...
CVE-2024-51472
CVE-2024-51472 affects IBM UrbanCode Deploy (UCD) versions 7.2 (up to 7.2.3.13), 7.3 (up to 7.3.2.8), and IBM DevOps Deploy 8.0–8.0.1.3. The issue is HTML injection in the Web UI that may disclose sensitive information. Remediation is to upgrade to one of: 7.2.3.14, 7.3.2.9, 8.0.1.4, or 8.1.0.0 o...
CVE-2025-1997
IBM UrbanCode Deploy (UCD) and IBM DevOps Deploy contain an HTML injection vulnerability (CVE-2025-1997) in the Web UI. Affected versions include UCD 7.0–7.0.5.25, 7.1–7.1.2.21, 7.2–7.2.3.14, 7.3–7.3.2.0, and DevOps Deploy 8.0–8.0.1.4 and 8.1–8.1. The issue may allow embedding arbitrary HTML tags...
CVE-2024-22339
CVE-2024-22339 affects IBM UrbanCode Deploy (UCD) and IBM DevOps Deploy, with the root cause being insufficient obfuscation of sensitive values in some log files, leading to potential sensitive information disclosure. Affected products and versions include: UCD 7.0–7.0.5.20, 7.1–7.1.2.16, 7.2–7.2...
CVE-2024-54176
CVE-2024-54176 affects IBM UrbanCode Deploy (UCD) and IBM DevOps Deploy. The vulnerability arises from missing authorization for a function, enabling an authenticated user to obtain sensitive information about other users on the system (CWE-306). Affected are UCD versions 7.0–7.0.5.25, 7.1–7.1.2....
CVE-2026-12086
CVE-2026-12086 affects IBM UrbanCode Deploy (UCD) and IBM DevOps Deploy (IDD): versions 7.2 (up to 7.2.3.23), 7.3 (up to 7.3.2.18), 8.0 (up to 8.0.1.13), 8.1 (up to 8.1.2.6), and 8.2 (up to 8.2.1.0) store potentially sensitive information in log files readable by local users. Root cause is insert...
CVE-2025-36162
CVE-2025-36162 affects IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) 8.1.x before 8.1.2.2. An authenticated user could obtain sensitive information about the system configuration. Affected versions include 8.1 through 8.1.2.1. The vulnerability is categorized as exposure of sensitive system info...
CVE-2025-36360
IBM UrbanCode Deploy (UCD) and IBM DevOps Deploy are affected by a race condition in http-session client-IP binding enforcement that may allow a session to be briefly reused from a new IP before invalidation, potentially enabling unauthorized access under certain network conditions. Affected vers...
CVE-2026-12085
IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) are affected by CVE-2026-12085, which allows authenticated users to view sensitive configurations and secrets in API responses. Affected versions include UCD 7.3 through 7.3.2.18 and IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8....
CVE-2025-13489
Affected product / component: IBM DevOps Deploy (UCD) versions 8.1 through 8.1.2.3. Root cause / vulnerability detail: Transmits data in clear text, enabling a potential man‑in‑the‑middle to obtain sensitive information. Impact (as stated): Confidentiality impact HIGH; no impact to integrity or a...
CVE-2025-14148
CVE-2025-14148 affects IBM UCD - IBM DevOps Deploy versions 8.1 through 8.1.2.3. An authenticated user with LLM integration configuration privileges can recover a previously saved LLM API Token, exposing credentials. Root cause identified as insufficiently protected credentials (CWE-522). CVSSv3....
CVE-2026-12084
IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is affected by CVE-2026-12084 due to a permissive Cross-Domain Security Policy with untrusted domains in UCD versions 8.1–8.1.2.6 and 8.2–8.2.1.0. This CORS misconfiguration could allow an attacker to perform privileged actions and retrieve sensitive...