IBM UrbanCode Deploy and IBM DevOps Deploy Race Condition Vulnerability in Session IP Binding Enforcement

Vulnerability

A race condition vulnerability has been identified in IBM UrbanCode Deploy versions 7.1 through 7.1.2.27, 7.2 through 7.2.3.20, and 7.3 through 7.3.2.15, as well as in IBM DevOps Deploy versions 8.0 through 8.0.1.10 and 8.1 through 8.1.2.3. This vulnerability arises from insufficient session expiration in the enforcement of client-IP binding for HTTP sessions. It may allow a session to be temporarily reused from a different IP address before it is invalidated, potentially leading to unauthorized access under certain network conditions.

Impact

Exploitation of this vulnerability could result in unauthorized access to the application by allowing a session to be reused from a new IP address, bypassing IP-based session management controls.

Remediation

Users are advised to upgrade to IBM UrbanCode Deploy versions 7.1.2.28, 7.2.3.21, 7.3.2.16 or later, and to upgrade to IBM DevOps Deploy versions 8.0.1.11, 8.1.2.4, 8.2.0.0 or later.
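
To review request logs from the period before the upgrade, the following added example (not IBM's code and not part of the original advisory) flags requests that were accepted from an IP address other than the one a session was first accepted from. The log layout, the sample lines and the function names are constructed assumptions; adapt the parser to whatever your reverse proxy or server actually records.

```python
from datetime import datetime

# Constructed sample: timestamp, client IP, hashed session id, HTTP status.
# This layout is an assumption, not the product's own log format.
SAMPLE_LOG = """\
2025-12-01T10:00:00 198.51.100.7 sess-a1 200
2025-12-01T10:00:05 198.51.100.7 sess-a1 200
2025-12-01T10:00:06 203.0.113.9 sess-a1 200
2025-12-01T10:00:07 203.0.113.9 sess-a1 401
2025-12-01T10:01:00 192.0.2.44 sess-b2 200
2025-12-01T10:02:00 192.0.2.45 sess-b2 401
not a log line
2025-12-01T10:03:00 192.0.2.50 sess-c3 200
"""

def parse(log_text):
    """Yield (time, ip, session, status) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield ts, parts[1], parts[2], int(parts[3])

def find_ip_binding_gaps(log_text):
    """Report requests accepted (status < 400) from an IP other than the
    one the session was first accepted from."""
    bound = {}  # session id -> [bound IP, time of last request from it]
    findings = []
    for ts, ip, sid, status in sorted(parse(log_text)):
        if sid not in bound:
            if status < 400:
                bound[sid] = [ip, ts]
        elif ip == bound[sid][0]:
            bound[sid][1] = ts
        elif status < 400:  # a rejected request means binding was enforced
            findings.append({
                "session": sid, "bound_ip": bound[sid][0], "new_ip": ip,
                "time": ts.isoformat(),
                "seconds_since_bound_ip": (ts - bound[sid][1]).total_seconds(),
            })
    return findings

if __name__ == "__main__":
    for finding in find_ip_binding_gaps(SAMPLE_LOG):
        print(finding)
```

A rejected request from a new address (as for sess-b2 in the sample) is the expected behaviour and is not reported; only an accepted one is.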

Added: Dec 15, 2025, 8:20 PM
Updated: Dec 15, 2025, 8:20 PM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 5.0
exploitability: 4.5
remediation: 7.7
relevance: 1.5
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.