CNNVD-202512-2654 Information
CNNVD ID
CNNVD-202512-2654
Related CVE
- CNNVD Published: 2025-12-15
Description (Chinese)
IBM UrbanCode Deploy(IBM UCD)和IBM DevOps Deploy都是美国国际商业机器(IBM)公司的产品。IBM UrbanCode Deploy是一套应用自动化部署工具。该工具基于一个应用部署自动化管理信息模型,并通过远程代理技术,实现对复杂应用在不同环境下的自动化部署等。IBM DevOps Deploy是一种应用程序发布解决方案。标准化和简化在开发周期中将软件组件部署到每个环境的过程。 IBM UrbanCode Deploy(IBM UCD)和IBM DevOps Deploy存在代码问题漏洞,该漏洞源于http-session客户端IP绑定执行中存在竞争条件,可能导致未经授权访问。以下版本受到影响:IBM UrbanCode Deploy(IBM UCD) 7.1版本至7.1.2.27版本、7.2版本至7.2.3.20版本和7.3版本至7.3.2.15版本和IBM DevOps Deploy 8.0版本至8.0.1.10版本和8.1版本至8.1.2.3版本。
Description (English)
IBM UrbanCode Deploy (IBM UCD) and IBM DevOps Deploy are products of IBM. IBM UrbanCode Deploy is an automated deployment tool. The tool is based on an application of an automated management information model for deployment and automates deployment to complex applications in different environments through remote agent technology. IBM DevOps Deploy is an application release solution. Standardization and simplification of the deployment of software components to each environment during the development cycle. IBM UrbanCode Deploy (IBM UCD) and IBM DevOps Deploy had a code gap, which stemmed from competitive conditions in the implementation of the IP binding of the http-session client, which could lead to unauthorized access. The following versions were affected: IBM UrbanCode Deploy (IBM UCD) Version 7.1 to 7.1.27, 7.2 to 7.2.20 and 7.3 to 7.3.15 and IBM DevOps Deploy Version 8.0 to 8.0.10 and 8.1 to 8.1.2.3.
Hazard Level
High
Vulnerability Type
代码问题
Affected Vendor
国际商业机器
Published
2025-12-15
Last Modified
2026-02-24
References
https://www.ibm.com/support/pages/node/7254661 https://access.redhat.com/security/cve/cve-2025-36360
Patch
https://www.ibm.com/support/pages/node/7254661
Share on: