Ibm Ucd Ibm Devops Deploy vulnerabilities

3 known vulnerabilities affecting ibm/ucd_ibm_devops_deploy.

Total CVEs

3

CISA KEV

0

Public exploits

0

Exploited in wild

0

Severity breakdown

MEDIUM3

Vulnerabilities

Page 1 of 1

CVE-2025-36360MEDIUMCVSS 5.0≥ 8.0, ≤ 8.0.1.10≥ 8.1, ≤ 8.1.2.32025-12-15

CVE-2025-36360 [MEDIUM] CWE-613 CVE-2025-36360: IBM UCD - IBM UrbanCode Deploy 7.1 through 7.1.2.27, 7.2 through 7.2.3.20, and 7.3 through 7.3.2.15 IBM UCD - IBM UrbanCode Deploy 7.1 through 7.1.2.27, 7.2 through 7.2.3.20, and 7.3 through 7.3.2.15 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.10, and 8.1 through 8.1.2.3 is susceptible to a race condition in http-session client-IP binding enforcement which may allow a session to be briefly reused from a new IP address before it is invalidated

CVE-2025-13489MEDIUMCVSS 5.9≥ 8.1, ≤ 8.1.2.32025-12-15

CVE-2025-13489 [MEDIUM] CWE-319 CVE-2025-13489: IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 IBM DevOps Deploy transmits data in clear text that IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 IBM DevOps Deploy transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques.

CVE-2025-14148MEDIUMCVSS 6.5≥ 8.1, ≤ 8.1.2.32025-12-15

CVE-2025-14148 [MEDIUM] CWE-522 CVE-2025-14148: IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 could allow an authenticated user with LLM integrati IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 could allow an authenticated user with LLM integration configuration privileges to recover a previously saved LLM API Token.