7.5
CVE-2026-12084
- EPSS 0.16%
- Veröffentlicht 30.06.2026 20:17:28
- Zuletzt bearbeitet 02.07.2026 18:37:16
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to a Permissive Cross-domain Security Policy with Untrusted Domains
IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Devops Deploy Version >= 8.1.0.0 < 8.1.2.7
Ibm ≫ Devops Deploy Version >= 8.2.0.0 < 8.2.2.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.16% | 0.058 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| psirt@us.ibm.com | 5.4 | 2.8 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
|
CWE-942 Permissive Cross-domain Security Policy with Untrusted Domains
The product uses a web-client protection mechanism such as a Content Security Policy (CSP) or cross-domain policy file, but the policy includes untrusted domains with which the web client is allowed to communicate.
https://www.ibm.com/support/pages/node/7277575