CVE-2026-12085

MEDIUM

IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptable to an Insertion of Sensitive Information Into Sent Data vulnerability

Title source: cna
STIX 2.1

Description

IBM UCD - IBM UrbanCode Deploy 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 IBM DevOps Deploy could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attacks against the system.

References (1)

Core 1
Core References
Vendor Advisory vendor-advisory patch
https://www.ibm.com/support/pages/node/7277577

Scores

CVSS v3 6.5
EPSS 0.0023
EPSS Percentile 14.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-201
Status published
Products (6)
ibm/devops_deploy 8.0.0.0 - 8.0.1.14
IBM/UCD - IBM DevOps Deploy 8.0 - 8.0.1.13
IBM/UCD - IBM DevOps Deploy 8.1.0 - 8.1.2.6
IBM/UCD - IBM DevOps Deploy 8.2.0 - 8.2.1.0
IBM/UCD - IBM UrbanCode Deploy 7.3.0 - 7.3.2.18
ibm/urbancode_deploy 7.3.0.0 - 7.3.2.19
Published Jun 30, 2026
Tracked Since Jul 01, 2026