CVE-2026-12085
MEDIUM
6.5
CVSS 3.1
Description
IBM UCD - IBM UrbanCode Deploy 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 IBM DevOps Deploy could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attacks against the system.
Metadata
Severity & Metrics
6.5
MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected products (2)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| IBM | UCD - IBM DevOps Deploy | — | 8.0 ≤ 8.0.1.13, 8.1.0 ≤ 8.1.2.6, 8.2.0 ≤ 8.2.1.0 |
| IBM | UCD - IBM UrbanCode Deploy | — | 7.3.0 ≤ 7.3.2.18 |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| CWE-201 | cna | CWE-201 Insertion of Sensitive Information Into Sent Data |
CVSS scores (1)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 6.5 | MEDIUM | 3.1 | cna | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
References (1)