CVE-2026-12085
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
IBM UCD - IBM UrbanCode Deploy 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 IBM DevOps Deploy could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attacks against the system.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| IBM | UCD - IBM UrbanCode Deploy | 7.3.0 <= 7.3.2.18 | affected |
| IBM | UCD - IBM DevOps Deploy | 8.0 <= 8.0.1.13 | affected |
| IBM | UCD - IBM DevOps Deploy | 8.1.0 <= 8.1.2.6 | affected |
| IBM | UCD - IBM DevOps Deploy | 8.2.0 <= 8.2.1.0 | affected |
Weaknesses
- CWE-201: CWE-201 Insertion of Sensitive Information Into Sent Data
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.