5.4
CVE-2025-1997
- EPSS 0.11%
- Veröffentlicht 27.03.2025 14:39:48
- Zuletzt bearbeitet 29.09.2025 18:15:31
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
IBM UrbanCode Deploy (UCD) / IBM DevOps Deploy HTML injection
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Devops Deploy Version >= 8.0.0.0 < 8.0.1.5
Ibm ≫ Devops Deploy Version8.1.0.0
Ibm ≫ Urbancode Deploy Version >= 7.0.0.0 < 7.0.5.26
Ibm ≫ Urbancode Deploy Version >= 7.1.0.0 < 7.1.2.22
Ibm ≫ Urbancode Deploy Version >= 7.2.0.0 < 7.2.3.15
Ibm ≫ Urbancode Deploy Version >= 7.3.0.0 < 7.3.2.10
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.11% | 0.283 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.6 | 2.1 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
|
| psirt@us.ibm.com | 5.4 | 2.3 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.