First published: Wed Mar 26 2025
IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI, potentially leading to sensitive information disclosure.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM UrbanCode Deploy | <=7.0 - 7.0.5.25 | |
IBM UrbanCode Deploy | <=7.1 - 7.1.2.21 | |
IBM UrbanCode Deploy | <=7.2 - 7.2.3.14 | |
IBM UrbanCode Deploy | <=7.3 - 7.3.2.9 | |
IBM UrbanCode Deploy | <=8.0 - 8.0.1.4 | |
IBM UrbanCode Deploy | <=8.1 | |
CVE-2025-1997 has a severity rating that suggests it could lead to potential sensitive information disclosure due to HTML injection.
To fix CVE-2025-1997, upgrade IBM UrbanCode Deploy to versions 7.0.5.26, 7.1.2.3, 7.2.3.15, 7.3.2.10, or 8.0.1.5 or higher.
CVE-2025-1997 affects IBM UrbanCode Deploy versions 7.0 through 7.0.5.25, 7.1 through 7.1.2.2, 7.2 through 7.2.3.14, 7.3 through 7.3.2.9, and 8.0 through 8.0.1.4.
CVE-2025-1997 is an HTML injection vulnerability that allows users to embed arbitrary HTML in the Web UI.
Yes, CVE-2025-1997 can potentially lead to sensitive information disclosure, making it a security risk for users.