CVE-2026-12085 PUBLISHED

IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptable to an Insertion of Sensitive Information Into Sent Data vulnerability

Assigner: ibm
Reserved: 12.06.2026 Published: 30.06.2026 Updated: 01.07.2026

IBM UCD - IBM UrbanCode Deploy 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 IBM DevOps Deploy could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attacks against the system.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS Score: 6.5

Product Status

Vendor IBM
Product UCD - IBM UrbanCode Deploy
Versions
  • affected from 7.3.0 to 7.3.2.18 (incl.)
Vendor IBM
Product UCD - IBM DevOps Deploy
Versions
  • affected from 8.0 to 8.0.1.13 (incl.)
  • affected from 8.1.0 to 8.1.2.6 (incl.)
  • affected from 8.2.0 to 8.2.1.0 (incl.)

Solutions

IBM strongly suggests the following:

Upgrade affected versions to any of 7.3.2.19 https://www.ibm.com/support/fixcentral/swg/downloadFixes , 8.0.1.14 https://www.ibm.com/support/fixcentral/swg/downloadFixes , 8.1.2.7 https://www.ibm.com/support/fixcentral/swg/downloadFixes , 8.2.2.0 https://www.ibm.com/support/fixcentral/swg/downloadFixes or later

References

Problem Types

  • CWE-201 Insertion of Sensitive Information Into Sent Data CWE