Sensitive Authentication Token Exposure in IBM UrbanCode Deploy and DevOps Deploy
CVE-2025-1998

5.5MEDIUM

Key Information:

Vendor: IBM
Status: Urbancode Deploy; Devops Deploy
Vendor: CVE Published:; 27 March 2025

What is CVE-2025-1998?

IBM UrbanCode Deploy and DevOps Deploy contain a vulnerability where potentially sensitive authentication token information is retained in log files. This issue allows local users to gain unauthorized access to sensitive data, which could compromise system security. The affected versions include UCD 7.1.2.21, 7.2 through 7.2.3.14, 7.3 through 7.3.2.0, and DevOps Deploy 8.0.1.4 and 8.1. It is crucial for users of these products to review log file management practices and implement appropriate safeguards to protect sensitive information.

Affected Version(s)

DevOps Deploy 8.0 <= 8.0.1.4

DevOps Deploy 8.1

UrbanCode Deploy 7.1 <= 7.1.2.21

References

https://www.ibm.com/support/pages/node/7229034

vendor-advisory

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 27, 2025
Vulnerability Reserved
Mar 5, 2025