CVE-2024-51472 LOW

CVE-2024-51472: IBM DevOps Deploy / IBM UrbanCode Deploy HTML injection

Vendor Ibm
Product DevOps Deploy
Weakness CWE-80 · XSS · basic
Published January 6, 2025
Last update August 27, 2025

CVSS base score

3.1/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

IBM UrbanCode Deploy (UCD) 7.2 through 7.2.3.13, 7.3 through 7.3.2.8, and IBM DevOps Deploy 8.0 through 8.0.1.3 are vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.

Key dates

02Disclosure timeline

January 6, 2025 CVE published
August 27, 2025 Record updated