CVE-2025-1997

Published: Mar 27, 2025Modified: Sep 29, 2025

4.6

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Exploitability: 2.1 / Impact: 2.5

Source: NVD

Description

IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.

Affected (6)

Products: Ibm: Devops Deploy, Urbancode Deploy

Ibm

2 products

Devops Deploy

Urbancode Deploy

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Ibm Devops Deploy	From 8.0.0.0 to 8.0.1.5
Ibm Devops Deploy	Version 8.1.0.0
Ibm Urbancode Deploy	From 7.0.0.0 to 7.0.5.26
Ibm Urbancode Deploy	From 7.1.0.0 to 7.1.2.22
Ibm Urbancode Deploy	From 7.2.0.0 to 7.2.3.15
Ibm Urbancode Deploy	From 7.3.0.0 to 7.3.2.10

Related CWEs

CWE-80

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.

References (1)

https://www.ibm.com/support/pages/node/7229035

Source: psirt@us.ibm.com

Vendor Advisory

Timeline

No history available yet.