CVE-2024-51472
3.1
Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 1.6 / Impact: 1.4
Source: psirt@us.ibm.com (Secondary)
Description
IBM UrbanCode Deploy (UCD) 7.2 through 7.2.3.13, 7.3 through 7.3.2.8, and IBM DevOps Deploy 8.0 through 8.0.1.3 are vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.
Affected (3)
Products: Ibm: Devops Deploy, Urbancode Deploy
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| From 8.0.0.0 to 8.0.1.3 | |
| From 7.2 to 7.2.3.13 |
Related CWEs
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CWE-80
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.
References (1)
Timeline
No history available yet.