CVE-2026-12085

Summary

IBM UCD - IBM UrbanCode Deploy 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 IBM DevOps Deploy could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attacks against the system.

Affected Software

VendorProductVersion RangeStatus
IBMUCD - IBM UrbanCode Deploy7.3.0 <= 7.3.2.18affected
IBMUCD - IBM DevOps Deploy8.0 <= 8.0.1.13affected
IBMUCD - IBM DevOps Deploy8.1.0 <= 8.1.2.6affected
IBMUCD - IBM DevOps Deploy8.2.0 <= 8.2.1.0affected

Weaknesses

  • CWE-201: CWE-201 Insertion of Sensitive Information Into Sent Data

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References