6.5

CVE-2026-12085

IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptable to an Insertion of Sensitive Information Into Sent Data vulnerability

IBM UCD - IBM UrbanCode Deploy 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 IBM DevOps Deploy could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attacks against the system.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmDevops Deploy Version >= 8.0.0.0 < 8.0.1.14
IbmDevops Deploy Version >= 8.1.0.0 < 8.1.2.7
IbmDevops Deploy Version >= 8.2.0.0 < 8.2.1.0
IbmUrbancode Deploy Version >= 7.3.0.0 < 7.3.2.19
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.23% 0.142
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
psirt@us.ibm.com 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE-201 Insertion of Sensitive Information Into Sent Data

The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.

https://www.ibm.com/support/pages/node/7277577
Vendor Advisory