IBM UrbanCode Deploy <=7.3.2.0 / DevOps Deploy <=8.1 Log Files Store Auth Tokens (Local Read)
CVE-2025-1998 Published on March 27, 2025
IBM UrbanCode Deploy (UCD) / IBM DevOps Deploy information disclosure
IBM UrbanCode Deploy (UCD) through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1
stores potentially sensitive authentication token information in log files that could be read by a local user.
Vulnerability Analysis
CVE-2025-1998 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Weakness Type
Insertion of Sensitive Information into Log File
Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.
Products Associated with CVE-2025-1998
stack.watch emails you whenever new vulnerabilities are published in IBM Urbancode Deploy or IBM Devops Deploy. Just hit a watch button to start following.
Affected Versions
IBM UrbanCode Deploy:- Version 7.1, <= 7.1.2.21 is affected.
- Version 7.2, <= 7.2.3.14 is affected.
- Version 7.3, <= 7.3.2.9 is affected.
- Version 8.0, <= 8.0.1.4 is affected.
- Version 8.1 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.