PT-2025-2902 · Ibm · Ibm Urbancode Deploy+1

Published

2024-10-28

Updated

2025-01-06

CVE-2024-51472

CVSS v3.1

3.1

Low

Vector

AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions IBM UrbanCode Deploy versions 7.2 through 7.2.3.13 IBM UrbanCode Deploy versions 7.3 through 7.3.2.8 IBM DevOps Deploy versions 8.0 through 8.0.1.3

Description This issue allows a user to embed arbitrary HTML tags in the Web UI, potentially leading to sensitive information disclosure. The vulnerability may permit users to incorporate arbitrary HTML tags into the web interface, which could result in the disclosure of confidential information.

Recommendations For IBM UrbanCode Deploy versions 7.2 through 7.2.3.13, update to a version outside of this range to resolve the issue. For IBM UrbanCode Deploy versions 7.3 through 7.3.2.8, update to a version outside of this range to resolve the issue. For IBM DevOps Deploy versions 8.0 through 8.0.1.3, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting access to the Web UI to minimize the risk of exploitation.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-80CWE-79

Related Identifiers

BDU:2025-06213

CVE-2024-51472

Affected Products

Ibm Devops Deploy

Ibm Urbancode Deploy

PT-2025-2902 · Ibm · Ibm Urbancode Deploy+1

CVE-2024-51472

Weakness Enumeration

Related Identifiers

Affected Products

References · 8