IBM Devops Deploy
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in IBM Devops Deploy.
By the Year
In 2026 there have been 0 vulnerabilities in IBM Devops Deploy. Last year, in 2025 Devops Deploy had 7 security vulnerabilities published. Right now, Devops Deploy is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 7 | 5.79 |
| 2024 | 6 | 5.75 |
It may take a day or so for new Devops Deploy vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent IBM Devops Deploy Security Vulnerabilities
IBM DevOps Deploy 8.1-8.1.2.3 LLM Token Leak via Authenticated Config Priv
CVE-2025-14148
6.5 - Medium
- December 15, 2025
IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 could allow an authenticated user with LLM integration configuration privileges to recover a previously saved LLM API Token.
Insufficiently Protected Credentials
Unauthorized Access via Missing Auth in IBM UCD Agent Relay (v7.1-7.3, 8.0-8.1)
CVE-2024-56469
6.3 - Medium
- March 27, 2025
IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.22, 7.2 through 7.2.3.15, and 7.3 through 7.3.2.10 / IBM DevOps Deploy 8.0 through 8.0.1.5 and 8.1 through 8.1.0.1 could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service.
Missing Authentication for Critical Function
IBM UrbanCode Deploy <=7.3.2.0 / DevOps Deploy <=8.1 Log Files Store Auth Tokens (Local Read)
CVE-2025-1998
5.5 - Medium
- March 27, 2025
IBM UrbanCode Deploy (UCD) through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 stores potentially sensitive authentication token information in log files that could be read by a local user.
Insertion of Sensitive Information into Log File
Unauthorized Access via Missing Auth in IBM UrbanCode Deploy Agent Relay 7.0-8.1
CVE-2025-1997
5.4 - Medium
- March 27, 2025
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.
Basic XSS
Remote Command Execution in IBM UrbanCode Deploy 7.x-7.3.2.9 & 8.x-8.1.0.0
CVE-2024-55904
7.2 - High
- February 14, 2025
IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 / IBM UrbanCode Deploy 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.9 could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements.
Shell injection
IBM DevOps Deploy 8.08.1.0.0 Auth Bypass Exposes User Info
CVE-2024-54176
6.5 - Medium
- February 08, 2025
IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 and IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14 and 7.3 through 7.3.2 could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function.
Missing Authentication for Critical Function
IBM UrbanCode Deploy 7.2.3.13/7.3.2.8/8.0.1.3 HTML Injection CVE-2024-51472
CVE-2024-51472
3.1 - Low
- January 06, 2025
IBM UrbanCode Deploy (UCD) 7.2 through 7.2.3.13, 7.3 through 7.3.2.8, and IBM DevOps Deploy 8.0 through 8.0.1.3 are vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.
XSS
IBM UrbanCode Deploy 7.0-8.0: WebUI XSS (vuln <= 8.0.0.1)
CVE-2024-28781
5.4 - Medium
- May 14, 2024
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4, and 8.0 through 8.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285654.
XSS
IBM UrbanCode Deploy 7.0-8.0.1 XSS in Web UI
CVE-2024-22359
6.1 - Medium
- April 12, 2024
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 280897.
XSS
IBM UCD Session Invalidation (7.07.3, 8.0): Impersonation via Unexpired Session
CVE-2024-22358
8.8 - High
- April 12, 2024
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 280896.
Insufficient Session Expiration
IBM UrbanCode Deploy 7.x-8.x Log Sensitive Data Exposure
CVE-2024-22339
4.3 - Medium
- April 12, 2024
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 is vulnerable to a sensitive information due to insufficient obfuscation of sensitive values from some log files. IBM X-Force ID: 279979.
Insertion of Sensitive Information into Log File
IBM UCD Incomplete Permission Revocation Custom Security Type Delete (v7.0-8.0)
CVE-2024-22334
4.4 - Medium
- April 12, 2024
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type. When deleting a custom security type, associated permissions of objects using that type may not be fully revoked. This could lead to incorrect reporting of permission configuration and unexpected privileges being retained. IBM X-Force ID: 279974.
Incorrect Permission Assignment for Critical Resource
IBM UCD Windows Agent Sensitive Info Disclosure 7.0-8.0
CVE-2024-22331
5.5 - Medium
- February 06, 2024
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.19, 7.1 through 7.1.2.15, 7.2 through 7.2.3.8, 7.3 through 7.3.2.3, and IBM UrbanCode Deploy (UCD) - IBM DevOps Deploy 8.0.0.0 could disclose sensitive user information when installing the Windows agent. IBM X-Force ID: 279971.
Information Disclosure
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for IBM Devops Deploy or by IBM? Click the Watch button to subscribe.
