{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-1997", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2025-03-05T16:10:34.631Z", "datePublished": "2025-03-27T14:39:48.719Z", "dateUpdated": "2025-03-27T15:10:02.286Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:ibm:urbancode_deploy:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:urbancode_deploy:7.0.5.25:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:urbancode_deploy:7.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:urbancode_deploy:7.1.2.21:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:urbancode_deploy:7.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:urbancode_deploy:7.2.3.14:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:urbancode_deploy:7.3:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:urbancode_deploy:7.3.2.9:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "product": "UrbanCode Deploy", "vendor": "IBM", "versions": [{"lessThanOrEqual": "7.0.5.25", "status": "affected", "version": "7.0", "versionType": "semver"}, {"lessThanOrEqual": "7.1.2.21", "status": "affected", "version": "7.1", "versionType": "semver"}, {"lessThanOrEqual": "7.2.3.14", "status": "affected", "version": "7.2", "versionType": "semver"}, {"lessThanOrEqual": "7.3.2.9", "status": "affected", "version": "7.3", "versionType": "semver"}]}, {"cpes": ["cpe:2.3:a:ibm:devops_deploy:8.0.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:devops_deploy:8.0.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:devops_deploy:8.1.0.0:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "product": "DevOps Deploy", "vendor": "IBM", "versions": [{"lessThanOrEqual": "8.0.1.4", "status": "affected", "version": "8.0", "versionType": "semver"}, {"status": "affected", "version": "8.1"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service."}], "value": "IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-80", "description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-03-27T14:39:48.719Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.ibm.com/support/pages/node/7229035"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM UrbanCode Deploy (UCD) / IBM DevOps Deploy HTML injection", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-27T15:09:37.164834Z", "id": "CVE-2025-1997", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-27T15:10:02.286Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-1997", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-27T15:09:37.164834Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-27T15:09:52.667Z"}}], "cna": {"title": "IBM UrbanCode Deploy (UCD) / IBM DevOps Deploy HTML injection", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:ibm:urbancode_deploy:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:urbancode_deploy:7.0.5.25:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:urbancode_deploy:7.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:urbancode_deploy:7.1.2.21:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:urbancode_deploy:7.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:urbancode_deploy:7.2.3.14:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:urbancode_deploy:7.3:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:urbancode_deploy:7.3.2.9:*:*:*:*:*:*:*"], "vendor": "IBM", "product": "UrbanCode Deploy", "versions": [{"status": "affected", "version": "7.0", "versionType": "semver", "lessThanOrEqual": "7.0.5.25"}, {"status": "affected", "version": "7.1", "versionType": "semver", "lessThanOrEqual": "7.1.2.21"}, {"status": "affected", "version": "7.2", "versionType": "semver", "lessThanOrEqual": "7.2.3.14"}, {"status": "affected", "version": "7.3", "versionType": "semver", "lessThanOrEqual": "7.3.2.9"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:a:ibm:devops_deploy:8.0.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:devops_deploy:8.0.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:devops_deploy:8.1.0.0:*:*:*:*:*:*:*"], "vendor": "IBM", "product": "DevOps Deploy", "versions": [{"status": "affected", "version": "8.0", "versionType": "semver", "lessThanOrEqual": "8.0.1.4"}, {"status": "affected", "version": "8.1"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.ibm.com/support/pages/node/7229035", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service.", "supportingMedia": [{"type": "text/html", "value": "IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-80", "description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-03-27T14:39:48.719Z"}}}, "cveMetadata": {"cveId": "CVE-2025-1997", "state": "PUBLISHED", "dateUpdated": "2025-03-27T15:10:02.286Z", "dateReserved": "2025-03-05T16:10:34.631Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2025-03-27T14:39:48.719Z", "assignerShortName": "ibm"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service."}], "id": "CVE-2025-1997", "lastModified": "2025-03-27T16:45:12.210", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "psirt@us.ibm.com", "type": "Primary"}]}, "published": "2025-03-27T15:15:54.550", "references": [{"source": "psirt@us.ibm.com", "url": "https://www.ibm.com/support/pages/node/7229035"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-80"}], "source": "psirt@us.ibm.com", "type": "Primary"}]}

{}