PT-2025-13207 · Ibm · Ibm Urbancode Deploy+1
Published
2025-03-27
·
Updated
2025-08-14
·
CVE-2025-1997
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
IBM UrbanCode Deploy versions 7.0 through 7.0.5.25
IBM UrbanCode Deploy versions 7.1 through 7.1.2.21
IBM UrbanCode Deploy versions 7.2 through 7.2.3.14
IBM UrbanCode Deploy versions 7.3 through 7.3.2.0
IBM DevOps Deploy versions 8.0 through 8.0.1.4
IBM DevOps Deploy version 8.1
Description
The issue is related to missing authentication in the Agent Relay service, which could allow unauthorized access to other services or potential exposure of sensitive data.
Recommendations
For IBM UrbanCode Deploy versions 7.0 through 7.0.5.25, update to a version later than 7.0.5.25.
For IBM UrbanCode Deploy versions 7.1 through 7.1.2.21, update to a version later than 7.1.2.21.
For IBM UrbanCode Deploy versions 7.2 through 7.2.3.14, update to a version later than 7.2.3.14.
For IBM UrbanCode Deploy versions 7.3 through 7.3.2.0, update to a version later than 7.3.2.0.
For IBM DevOps Deploy versions 8.0 through 8.0.1.4, update to a version later than 8.0.1.4.
For IBM DevOps Deploy version 8.1, consider disabling the Agent Relay service until a patch is available.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Devops Deploy
Ibm Urbancode Deploy