{"timestamp":"2025-03-27T15:09:37.164834Z","id":"CVE-2025-1997","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}

[{"vendor":"IBM","product":"UrbanCode Deploy","defaultStatus":"unaffected","cpes":["cpe:2.3:a:ibm:urbancode_deploy:7.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:urbancode_deploy:7.0.5.25:*:*:*:*:*:*:*","cpe:2.3:a:ibm:urbancode_deploy:7.1:*:*:*:*:*:*:*","cpe:2.3:a:ibm:urbancode_deploy:7.1.2.21:*:*:*:*:*:*:*","cpe:2.3:a:ibm:urbancode_deploy:7.2:*:*:*:*:*:*:*","cpe:2.3:a:ibm:urbancode_deploy:7.2.3.14:*:*:*:*:*:*:*","cpe:2.3:a:ibm:urbancode_deploy:7.3:*:*:*:*:*:*:*","cpe:2.3:a:ibm:urbancode_deploy:7.3.2.9:*:*:*:*:*:*:*"],"versions":[{"version":"7.0","lessThanOrEqual":"7.0.5.25","versionType":"semver","status":"affected"},{"version":"7.1","lessThanOrEqual":"7.1.2.21","versionType":"semver","status":"affected"},{"version":"7.2","lessThanOrEqual":"7.2.3.14","versionType":"semver","status":"affected"},{"version":"7.3","lessThanOrEqual":"7.3.2.9","versionType":"semver","status":"affected"}]},{"vendor":"IBM","product":"DevOps Deploy","defaultStatus":"unaffected","cpes":["cpe:2.3:a:ibm:devops_deploy:8.0.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:devops_deploy:8.0.1.4:*:*:*:*:*:*:*","cpe:2.3:a:ibm:devops_deploy:8.1.0.0:*:*:*:*:*:*:*"],"versions":[{"version":"8.0","lessThanOrEqual":"8.0.1.4","versionType":"semver","status":"affected"},{"version":"8.1","status":"affected"}]}]

IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service.

IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 

is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.

AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

OR
          *cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:* versions from (including) 7.1.0.0 up to (excluding) 7.1.2.22
          *cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:* versions from (including) 7.2.0.0 up to (excluding) 7.2.3.15
          *cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:* versions from (including) 7.3.0.0 up to (excluding) 7.3.2.10
          *cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:* versions from (including) 7.0.0.0 up to (excluding) 7.0.5.26
          *cpe:2.3:a:ibm:devops_deploy:*:*:*:*:*:*:*:* versions from (including) 8.0.0.0 up to (excluding) 8.0.1.5
          *cpe:2.3:a:ibm:devops_deploy:8.1.0.0:*:*:*:*:*:*:*

IBM Corporation: https://www.ibm.com/support/pages/node/7229035 Types: Vendor Advisory

IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service.

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CWE-80

https://www.ibm.com/support/pages/node/7229035