CVE-2024-51472

CWE-80CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
3.1LOW
EPSS
0.1%
top 68.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Devops DeployIBM Urbancode Deploy
Timeline
PublishedJan 6

Description

IBM UrbanCode Deploy (UCD) 7.2 through 7.2.3.13, 7.3 through 7.3.2.8, and IBM DevOps Deploy 8.0 through 8.0.1.3 are vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.6 | Impact: 1.4

Affected Packages4 packages

CVEListV5ibm/devops_deploy8.08.0.1.3
NVDibm/devops_deploy8.0.0.08.0.1.3
CVEListV5ibm/urbancode_deploy7.27.2.3.13+1
NVDibm/urbancode_deploy7.27.2.3.13+1

🔴Vulnerability Details

2
GHSA
GHSA-fj69-f9qp-jh4f: IBM UrbanCode Deploy (UCD) 72025-01-06
CVEList
IBM DevOps Deploy / IBM UrbanCode Deploy HTML injection2025-01-06
CVE-2024-51472 (LOW CVSS 3.1) | IBM UrbanCode Deploy (UCD) 7.2 thro | cvebase.io