6.5
CVE-2026-12085
- EPSS 0.23%
- Veröffentlicht 30.06.2026 20:17:28
- Zuletzt bearbeitet 02.07.2026 18:35:42
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptable to an Insertion of Sensitive Information Into Sent Data vulnerability
IBM UCD - IBM UrbanCode Deploy 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 IBM DevOps Deploy could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attacks against the system.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Devops Deploy Version >= 8.0.0.0 < 8.0.1.14
Ibm ≫ Devops Deploy Version >= 8.1.0.0 < 8.1.2.7
Ibm ≫ Devops Deploy Version >= 8.2.0.0 < 8.2.1.0
Ibm ≫ Urbancode Deploy Version >= 7.3.0.0 < 7.3.2.19
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.23% | 0.142 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@us.ibm.com | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
CWE-201 Insertion of Sensitive Information Into Sent Data
The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.
https://www.ibm.com/support/pages/node/7277577