Unauthorized Access Vulnerability in IBM UrbanCode Deploy Agent Relay Service
CVE-2025-1997

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Urbancode Deploy; Devops Deploy
Vendor: CVE Published:; 27 March 2025

What is CVE-2025-1997?

An important vulnerability in IBM UrbanCode Deploy's Agent Relay service may allow unauthorized users to access internal services or potentially expose sensitive information. Versions affected include IBM UrbanCode Deploy from 7.0 to 7.3.2.0 and IBM DevOps Deploy from 8.0 to 8.1. The lack of proper authentication measures could lead to unauthorized interactions with the system, emphasizing the need for immediate review and implementation of enhanced security measures.

Affected Version(s)

DevOps Deploy 8.0 <= 8.0.1.4

DevOps Deploy 8.1

UrbanCode Deploy 7.0 <= 7.0.5.25

References

https://www.ibm.com/support/pages/node/7229035

vendor-advisory

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 27, 2025
Vulnerability Reserved
Mar 5, 2025