CVE-2026-12085
MEDIUMIBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptable to an Insertion of Sensitive Information Into Sent Data vulnerability
Title source: cnaDescription
IBM UCD - IBM UrbanCode Deploy 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 IBM DevOps Deploy could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attacks against the system.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
patch
https://www.ibm.com/support/pages/node/7277577
Scores
CVSS v3
6.5
EPSS
0.0023
EPSS Percentile
14.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-201
Status
published
Products (6)
ibm/devops_deploy
8.0.0.0 - 8.0.1.14
IBM/UCD - IBM DevOps Deploy
8.0 - 8.0.1.13
IBM/UCD - IBM DevOps Deploy
8.1.0 - 8.1.2.6
IBM/UCD - IBM DevOps Deploy
8.2.0 - 8.2.1.0
IBM/UCD - IBM UrbanCode Deploy
7.3.0 - 7.3.2.18
ibm/urbancode_deploy
7.3.0.0 - 7.3.2.19
Published
Jun 30, 2026
Tracked Since
Jul 01, 2026