Search criteria
6 vulnerabilities found for UCD - IBM DevOps Deploy by IBM
CVE-2026-12084 (GCVE-0-2026-12084)
Vulnerability from cvelistv5 – Published: 2026-06-30 19:39 – Updated: 2026-07-01 12:55
VLAI?
Title
IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to a Permissive Cross-domain Security Policy with Untrusted Domains
Summary
IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains.
Severity ?
5.4 (Medium)
CWE
- CWE-942 - Permissive Cross-domain Security Policy with Untrusted Domains
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | UCD - IBM DevOps Deploy |
Affected:
8.1.0 , ≤ 8.1.2.6
(semver)
Affected: 8.2.0 , ≤ 8.2.1.0 (semver) cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1.2.6:*:*:*:*:*:*:* cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.2.1.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-12084",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-01T12:54:58.596891Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T12:55:10.987Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.2.1.0:*:*:*:*:*:*:*"
],
"product": "UCD - IBM DevOps Deploy",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "8.1.2.6",
"status": "affected",
"version": "8.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.2.1.0",
"status": "affected",
"version": "8.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains.\u003c/p\u003e"
}
],
"value": "IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-942",
"description": "CWE-942 Permissive Cross-domain Security Policy with Untrusted Domains",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T19:39:24.786Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7277575"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM strongly suggests the following:\u003c/p\u003e\u003cp\u003eUpgrade affected versions to any of \u003ca href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational\u0026amp;product=ibm/Rational/IBM+DevOps+Deploy\u0026amp;fixids=8.1.2.7-IBM-DevOps-Deploy\u0026amp;downloadMethod=http\" rel=\"nofollow\"\u003e8.1.2.7\u003c/a\u003e, \u003ca href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational\u0026amp;product=ibm/Rational/IBM+DevOps+Deploy\u0026amp;fixids=8.2.2.0-IBM-DevOps-Deploy\u0026amp;downloadMethod=http\" rel=\"nofollow\"\u003e8.2.2.0\u003c/a\u003e or later\u003c/p\u003e"
}
],
"value": "IBM strongly suggests the following:\n\n\n\nUpgrade affected versions to any of 8.1.2.7 https://www.ibm.com/support/fixcentral/swg/downloadFixes , 8.2.2.0 https://www.ibm.com/support/fixcentral/swg/downloadFixes or later"
}
],
"title": "IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to a Permissive Cross-domain Security Policy with Untrusted Domains",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2026-12084",
"datePublished": "2026-06-30T19:39:24.786Z",
"dateReserved": "2026-06-12T13:08:26.053Z",
"dateUpdated": "2026-07-01T12:55:10.987Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12085 (GCVE-0-2026-12085)
Vulnerability from cvelistv5 – Published: 2026-06-30 19:38 – Updated: 2026-07-01 14:01
VLAI?
Title
IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptable to an Insertion of Sensitive Information Into Sent Data vulnerability
Summary
IBM UCD - IBM UrbanCode Deploy 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 IBM DevOps Deploy could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attacks against the system.
Severity ?
6.5 (Medium)
CWE
- CWE-201 - Insertion of Sensitive Information Into Sent Data
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | UCD - IBM UrbanCode Deploy |
Affected:
7.3.0 , ≤ 7.3.2.18
(semver)
cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.3.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.3.2.18:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-12085",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-01T14:01:22.988510Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T14:01:30.936Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.3.2.18:*:*:*:*:*:*:*"
],
"product": "UCD - IBM UrbanCode Deploy",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.3.2.18",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.0.1.13:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.2.1.0:*:*:*:*:*:*:*"
],
"product": "UCD - IBM DevOps Deploy",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "8.0.1.13",
"status": "affected",
"version": "8.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.1.2.6",
"status": "affected",
"version": "8.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.2.1.0",
"status": "affected",
"version": "8.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM UCD - IBM UrbanCode Deploy 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 IBM DevOps Deploy could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attacks against the system.\u003c/p\u003e"
}
],
"value": "IBM UCD - IBM UrbanCode Deploy 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 IBM DevOps Deploy could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attacks against the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-201",
"description": "CWE-201 Insertion of Sensitive Information Into Sent Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T19:38:19.293Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7277577"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM strongly suggests the following:\u003c/p\u003e\u003cp\u003eUpgrade affected versions to any of \u003ca href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational\u0026amp;product=ibm/Rational/IBM+UrbanCode+Deploy\u0026amp;fixids=7.3.2.19-IBM-UrbanCode-Deploy\u0026amp;downloadMethod=http\" rel=\"nofollow\"\u003e7.3.2.19\u003c/a\u003e, \u003ca href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational\u0026amp;product=ibm/Rational/IBM+DevOps+Deploy\u0026amp;fixids=8.0.1.14-IBM-DevOps-Deploy\u0026amp;downloadMethod=http\" rel=\"nofollow\"\u003e8.0.1.14\u003c/a\u003e, \u003ca href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational\u0026amp;product=ibm/Rational/IBM+DevOps+Deploy\u0026amp;fixids=8.1.2.7-IBM-DevOps-Deploy\u0026amp;downloadMethod=http\" rel=\"nofollow\"\u003e8.1.2.7\u003c/a\u003e, \u003ca href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational\u0026amp;product=ibm/Rational/IBM+DevOps+Deploy\u0026amp;fixids=8.2.2.0-IBM-DevOps-Deploy\u0026amp;downloadMethod=http\" rel=\"nofollow\"\u003e8.2.2.0\u003c/a\u003e or later\u003c/p\u003e"
}
],
"value": "IBM strongly suggests the following:\n\n\n\nUpgrade affected versions to any of 7.3.2.19 https://www.ibm.com/support/fixcentral/swg/downloadFixes , 8.0.1.14 https://www.ibm.com/support/fixcentral/swg/downloadFixes , 8.1.2.7 https://www.ibm.com/support/fixcentral/swg/downloadFixes , 8.2.2.0 https://www.ibm.com/support/fixcentral/swg/downloadFixes or later"
}
],
"title": "IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptable to an Insertion of Sensitive Information Into Sent Data vulnerability",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2026-12085",
"datePublished": "2026-06-30T19:38:19.293Z",
"dateReserved": "2026-06-12T13:20:09.092Z",
"dateUpdated": "2026-07-01T14:01:30.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12086 (GCVE-0-2026-12086)
Vulnerability from cvelistv5 – Published: 2026-06-30 19:36 – Updated: 2026-07-01 13:24
VLAI?
Title
IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to a Insertion of Sensitive Information into Log File Vulnerability
Summary
IBM UCD - IBM UrbanCode Deploy 7.2 through 7.2.3.23, and 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 stores potentially sensitive information in log files that could be read by a local user.
Severity ?
6.2 (Medium)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | UCD - IBM UrbanCode Deploy |
Affected:
7.2.0 , ≤ 7.2.3.23
(semver)
Affected: 7.3.0 , ≤ 7.3.2.18 (semver) cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.2.3.23:*:*:*:*:*:*:* cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.3.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.3.2.18:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-12086",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-01T13:24:27.725922Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T13:24:38.890Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.2.3.23:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.3.2.18:*:*:*:*:*:*:*"
],
"product": "UCD - IBM UrbanCode Deploy",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.2.3.23",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.2.18",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.0.1.13:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.2.1.0:*:*:*:*:*:*:*"
],
"product": "UCD - IBM DevOps Deploy",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "8.0.1.13",
"status": "affected",
"version": "8.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.1.2.6",
"status": "affected",
"version": "8.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.2.1.0",
"status": "affected",
"version": "8.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM UCD - IBM UrbanCode Deploy 7.2 through 7.2.3.23, and 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 stores potentially sensitive information in log files that could be read by a local user.\u003c/p\u003e"
}
],
"value": "IBM UCD - IBM UrbanCode Deploy 7.2 through 7.2.3.23, and 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 stores potentially sensitive information in log files that could be read by a local user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T19:36:28.096Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7277576"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM strongly suggests the following:\u003c/p\u003e\u003cp\u003eUpgrade affected versions to any of \u003ca href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational\u0026amp;product=ibm/Rational/IBM+UrbanCode+Deploy\u0026amp;fixids=7.2.3.24+-IBM-UrbanCode-Deploy\u0026amp;\u0026amp;downloadMethod=http\" rel=\"nofollow\"\u003e7.2.3.24\u003c/a\u003e, \u003ca href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational\u0026amp;product=ibm/Rational/IBM+UrbanCode+Deploy\u0026amp;fixids=7.3.2.19-IBM-UrbanCode-Deploy\u0026amp;downloadMethod=http\" rel=\"nofollow\"\u003e7.3.2.19\u003c/a\u003e, \u003ca href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational\u0026amp;product=ibm/Rational/IBM+DevOps+Deploy\u0026amp;fixids=8.0.1.14-IBM-DevOps-Deploy\u0026amp;downloadMethod=http\" rel=\"nofollow\"\u003e8.0.1.14\u003c/a\u003e, \u003ca href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational\u0026amp;product=ibm/Rational/IBM+DevOps+Deploy\u0026amp;fixids=8.1.2.7-IBM-DevOps-Deploy\u0026amp;downloadMethod=http\" rel=\"nofollow\"\u003e8.1.2.7\u003c/a\u003e, \u003ca href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational\u0026amp;product=ibm/Rational/IBM+DevOps+Deploy\u0026amp;fixids=8.2.2.0-IBM-DevOps-Deploy\u0026amp;downloadMethod=http\" rel=\"nofollow\"\u003e8.2.2.0\u003c/a\u003e or later\u003c/p\u003e"
}
],
"value": "IBM strongly suggests the following:\n\n\n\nUpgrade affected versions to any of 7.2.3.24 https://www.ibm.com/support/fixcentral/swg/downloadFixes , 7.3.2.19 https://www.ibm.com/support/fixcentral/swg/downloadFixes , 8.0.1.14 https://www.ibm.com/support/fixcentral/swg/downloadFixes , 8.1.2.7 https://www.ibm.com/support/fixcentral/swg/downloadFixes , 8.2.2.0 https://www.ibm.com/support/fixcentral/swg/downloadFixes or later"
}
],
"title": "IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to a Insertion of Sensitive Information into Log File Vulnerability",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2026-12086",
"datePublished": "2026-06-30T19:36:28.096Z",
"dateReserved": "2026-06-12T13:24:25.610Z",
"dateUpdated": "2026-07-01T13:24:38.890Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13489 (GCVE-0-2025-13489)
Vulnerability from cvelistv5 – Published: 2025-12-15 19:51 – Updated: 2025-12-26 13:12
VLAI?
Title
IBM DevOps Deploy is susceptible to a Cleartext Transmission of Sensitive Information
Summary
IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 IBM DevOps Deploy transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques.
Severity ?
5.9 (Medium)
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | UCD - IBM DevOps Deploy |
Affected:
8.1 , ≤ 8.1.2.3
(semver)
cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1.2.3:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13489",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-15T20:19:51.112738Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T20:19:59.521Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1.2.3:*:*:*:*:*:*:*"
],
"product": "UCD - IBM DevOps Deploy",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "8.1.2.3",
"status": "affected",
"version": "8.1",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 IBM DevOps Deploy transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques.\u003c/p\u003e"
}
],
"value": "IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 IBM DevOps Deploy transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-26T13:12:41.505Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7254662"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRemediation/Fixes IBM strongly suggests the following: Upgrade affected versions to any of 8.1.2.4 , 8.2.0.0 or later\u003c/p\u003e"
}
],
"value": "Remediation/Fixes IBM strongly suggests the following: Upgrade affected versions to any of 8.1.2.4 , 8.2.0.0 or later"
}
],
"title": "IBM DevOps Deploy is susceptible to a Cleartext Transmission of Sensitive Information",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-13489",
"datePublished": "2025-12-15T19:51:13.534Z",
"dateReserved": "2025-11-20T20:25:06.479Z",
"dateUpdated": "2025-12-26T13:12:41.505Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14148 (GCVE-0-2025-14148)
Vulnerability from cvelistv5 – Published: 2025-12-15 19:43 – Updated: 2025-12-15 20:27
VLAI?
Title
IBM DevOps Deploy is susceptible to a Insufficiently Protected Credentials vulnerability
Summary
IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 could allow an authenticated user with LLM integration configuration privileges to recover a previously saved LLM API Token.
Severity ?
6.5 (Medium)
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | UCD - IBM DevOps Deploy |
Affected:
8.1 , ≤ 8.1.2.3
(semver)
cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1.2.3:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14148",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-15T20:26:24.957891Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T20:27:13.721Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1.2.3:*:*:*:*:*:*:*"
],
"product": "UCD - IBM DevOps Deploy",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "8.1.2.3",
"status": "affected",
"version": "8.1",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 could allow an authenticated user with LLM integration configuration privileges to recover a previously saved LLM API Token.\u003c/p\u003e"
}
],
"value": "IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 could allow an authenticated user with LLM integration configuration privileges to recover a previously saved LLM API Token."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T19:45:23.132Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7254663"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRemediation/Fixes IBM strongly suggests the following: Upgrade affected versions to any of 8.1.2.4 , 8.2.0.0 or later\u003c/p\u003e"
}
],
"value": "Remediation/Fixes IBM strongly suggests the following: Upgrade affected versions to any of 8.1.2.4 , 8.2.0.0 or later"
}
],
"title": "IBM DevOps Deploy is susceptible to a Insufficiently Protected Credentials vulnerability",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-14148",
"datePublished": "2025-12-15T19:43:07.880Z",
"dateReserved": "2025-12-05T19:00:10.655Z",
"dateUpdated": "2025-12-15T20:27:13.721Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-36360 (GCVE-0-2025-36360)
Vulnerability from cvelistv5 – Published: 2025-12-15 19:38 – Updated: 2025-12-15 20:30
VLAI?
Title
IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to an Insufficient Session Expiration vulnerability
Summary
IBM UCD - IBM UrbanCode Deploy 7.1 through 7.1.2.27, 7.2 through 7.2.3.20, and 7.3 through 7.3.2.15 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.10, and 8.1 through 8.1.2.3 is susceptible to a race condition in http-session client-IP binding enforcement which may allow a session to be briefly reused from a new IP address before it is invalidated, potentially enabling unauthorized access under certain network conditions.
Severity ?
5 (Medium)
CWE
- CWE-613 - Insufficient Session Expiration
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | UCD - IBM UrbanCode Deploy |
Affected:
7.1 , ≤ 7.1.2.27
(semver)
Affected: 7.2 , ≤ 7.2.3.20 (semver) Affected: 7.3 , ≤ 7.3.2.15 (semver) cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.1.2.27:*:*:*:*:*:*:* cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.2.3.20:*:*:*:*:*:*:* cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.3.2.15:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36360",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-15T20:30:05.256376Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T20:30:18.476Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.1.2.27:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.2.3.20:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.3.2.15:*:*:*:*:*:*:*"
],
"product": "UCD - IBM UrbanCode Deploy",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.1.2.27",
"status": "affected",
"version": "7.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.3.20",
"status": "affected",
"version": "7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.2.15",
"status": "affected",
"version": "7.3",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.0.1.10:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1.2.3:*:*:*:*:*:*:*"
],
"product": "UCD - IBM DevOps Deploy",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "8.0.1.10",
"status": "affected",
"version": "8.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.1.2.3",
"status": "affected",
"version": "8.1",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM UCD - IBM UrbanCode Deploy 7.1 through 7.1.2.27, 7.2 through 7.2.3.20, and 7.3 through 7.3.2.15 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.10, and 8.1 through 8.1.2.3 is susceptible to a race condition in http-session client-IP binding enforcement which may allow a session to be briefly reused from a new IP address before it is invalidated, potentially enabling unauthorized access under certain network conditions.\u003c/p\u003e"
}
],
"value": "IBM UCD - IBM UrbanCode Deploy 7.1 through 7.1.2.27, 7.2 through 7.2.3.20, and 7.3 through 7.3.2.15 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.10, and 8.1 through 8.1.2.3 is susceptible to a race condition in http-session client-IP binding enforcement which may allow a session to be briefly reused from a new IP address before it is invalidated, potentially enabling unauthorized access under certain network conditions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613 Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T19:39:21.484Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7254661"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRemediation/Fixes IBM strongly suggests the following: Upgrade affected versions to any of 7.1.2.28 , 7.2.3.21 , 7.3.2.16 , 8.0.1.11 , 8.1.2.4 , 8.2.0.0 or later\u003c/p\u003e"
}
],
"value": "Remediation/Fixes IBM strongly suggests the following: Upgrade affected versions to any of 7.1.2.28 , 7.2.3.21 , 7.3.2.16 , 8.0.1.11 , 8.1.2.4 , 8.2.0.0 or later"
}
],
"title": "IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to an Insufficient Session Expiration vulnerability",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36360",
"datePublished": "2025-12-15T19:38:57.832Z",
"dateReserved": "2025-04-15T21:16:55.331Z",
"dateUpdated": "2025-12-15T20:30:18.476Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}