CVE-2024-51472: IBM DevOps Deploy / IBM UrbanCode Deploy HTML injection

3.1 CVSS

Description

IBM UrbanCode Deploy (UCD) 7.2 through 7.2.3.13, 7.3 through 7.3.2.8, and IBM DevOps Deploy 8.0 through 8.0.1.3 are vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.

Classification

CVE ID: CVE-2024-51472

CVSS Base Severity: LOW

CVSS Base Score: 3.1

Affected Products

Vendor: IBM

Product: DevOps Deploy

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 16.21% (scored less or equal to compared to others)

EPSS Date: 2025-02-04 (when was this score calculated)

References

https://www.ibm.com/support/pages/node/7177856

Timeline

2025-01-07 00:30:33 UTC
CVE

IBM DevOps Deploy / IBM UrbanCode Deploy HTML injection