PT-2025-13208 · Ibm · Ibm Urbancode Deploy+1
Published
2025-03-27
·
Updated
2025-08-14
·
CVE-2025-1998
CVSS v3.1
5.5
Medium
| AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IBM UrbanCode Deploy versions 7.1.2.21 and earlier, 7.2 through 7.2.3.14, 7.3 through 7.3.2.0
IBM DevOps Deploy versions 8.0 through 8.0.1.4, 8.1 and earlier
Description
The issue concerns the storage of potentially sensitive authentication token information in log files, which could be accessed by a local user.
Recommendations
For IBM UrbanCode Deploy versions 7.1.2.21 and earlier, update to a version later than 7.1.2.21 to resolve the issue.
For IBM UrbanCode Deploy versions 7.2 through 7.2.3.14, update to a version later than 7.2.3.14.
For IBM UrbanCode Deploy versions 7.3 through 7.3.2.0, update to a version later than 7.3.2.0.
For IBM DevOps Deploy versions 8.0 through 8.0.1.4, update to a version later than 8.0.1.4.
For IBM DevOps Deploy version 8.1 and earlier, update to a version later than 8.1.
Fix
Insertion into Log File
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Devops Deploy
Ibm Urbancode Deploy