CVE-2025-13489Cleartext Transmission of Sensitive Info in IBM Devops Deploy

CWE-319Cleartext Transmission of Sensitive Info3 documents3 sources
Severity
5.9MEDIUMNVD
EPSS
0.0%
top 94.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Devops DeployIBM UCD IBM Devops Deploy
Timeline
PublishedDec 15

Description

IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 IBM DevOps Deploy transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

NVDibm/devops_deploy8.1.0.08.1.2.4
CVEListV5ibm/ucd_ibm_devops_deploy8.18.1.2.3

🔴Vulnerability Details

2
GHSA
GHSA-7m3h-x75f-vj4x: IBM UCD - IBM DevOps Deploy 82025-12-15
CVEList
IBM DevOps Deploy is susceptible to a Cleartext Transmission of Sensitive Information2025-12-15
CVE-2025-13489 — IBM Devops Deploy vulnerability | cvebase