Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    12 vulnerabilities found for UCD - IBM DevOps Deploy by IBM

    CVE-2026-12086 (GCVE-0-2026-12086)

    Vulnerability from nvd – Published: 2026-06-30 19:36 – Updated: 2026-07-01 13:24
    VLAI
    Title
    IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to a Insertion of Sensitive Information into Log File Vulnerability
    Summary
    IBM UCD - IBM UrbanCode Deploy 7.2 through 7.2.3.23, and 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 stores potentially sensitive information in log files that could be read by a local user.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-532 - Insertion of Sensitive Information into Log File
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7277576 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM UCD - IBM UrbanCode Deploy Affected: 7.2.0 , ≤ 7.2.3.23 (semver)
    Affected: 7.3.0 , ≤ 7.3.2.18 (semver)
        cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.2.3.23:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.3.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.3.2.18:*:*:*:*:*:*:*
    Create a notification for this product.
    IBM UCD - IBM DevOps Deploy Affected: 8.0 , ≤ 8.0.1.13 (semver)
    Affected: 8.1.0 , ≤ 8.1.2.6 (semver)
    Affected: 8.2.0 , ≤ 8.2.1.0 (semver)
        cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.0.1.13:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.2.1.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-12086",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T13:24:27.725922Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T13:24:38.890Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.2.3.23:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.3.2.18:*:*:*:*:*:*:*"
              ],
              "product": "UCD - IBM UrbanCode Deploy",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "7.2.3.23",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.3.2.18",
                  "status": "affected",
                  "version": "7.3.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.0.1.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.2.1.0:*:*:*:*:*:*:*"
              ],
              "product": "UCD - IBM DevOps Deploy",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "8.0.1.13",
                  "status": "affected",
                  "version": "8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.2.6",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.1.0",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM UCD - IBM UrbanCode Deploy 7.2 through 7.2.3.23, and 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 stores potentially sensitive information in log files that could be read by a local user.\u003c/p\u003e"
                }
              ],
              "value": "IBM UCD - IBM UrbanCode Deploy 7.2 through 7.2.3.23, and 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 stores potentially sensitive information in log files that could be read by a local user."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "CWE-532 Insertion of Sensitive Information into Log File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T19:36:28.096Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7277576"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly suggests the following:\u003c/p\u003e\u003cp\u003eUpgrade affected versions to any of \u003ca href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational\u0026amp;product=ibm/Rational/IBM+UrbanCode+Deploy\u0026amp;fixids=7.2.3.24+-IBM-UrbanCode-Deploy\u0026amp;\u0026amp;downloadMethod=http\" rel=\"nofollow\"\u003e7.2.3.24\u003c/a\u003e, \u003ca href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational\u0026amp;product=ibm/Rational/IBM+UrbanCode+Deploy\u0026amp;fixids=7.3.2.19-IBM-UrbanCode-Deploy\u0026amp;downloadMethod=http\" rel=\"nofollow\"\u003e7.3.2.19\u003c/a\u003e, \u003ca href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational\u0026amp;product=ibm/Rational/IBM+DevOps+Deploy\u0026amp;fixids=8.0.1.14-IBM-DevOps-Deploy\u0026amp;downloadMethod=http\" rel=\"nofollow\"\u003e8.0.1.14\u003c/a\u003e, \u003ca href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational\u0026amp;product=ibm/Rational/IBM+DevOps+Deploy\u0026amp;fixids=8.1.2.7-IBM-DevOps-Deploy\u0026amp;downloadMethod=http\" rel=\"nofollow\"\u003e8.1.2.7\u003c/a\u003e, \u003ca href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational\u0026amp;product=ibm/Rational/IBM+DevOps+Deploy\u0026amp;fixids=8.2.2.0-IBM-DevOps-Deploy\u0026amp;downloadMethod=http\" rel=\"nofollow\"\u003e8.2.2.0\u003c/a\u003e or later\u003c/p\u003e"
                }
              ],
              "value": "IBM strongly suggests the following:\n\n\n\nUpgrade affected versions to any of  7.2.3.24 https://www.ibm.com/support/fixcentral/swg/downloadFixes ,  7.3.2.19 https://www.ibm.com/support/fixcentral/swg/downloadFixes ,  8.0.1.14 https://www.ibm.com/support/fixcentral/swg/downloadFixes ,  8.1.2.7 https://www.ibm.com/support/fixcentral/swg/downloadFixes ,  8.2.2.0 https://www.ibm.com/support/fixcentral/swg/downloadFixes  or later"
            }
          ],
          "title": "IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to a Insertion of Sensitive Information into Log File Vulnerability",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-12086",
        "datePublished": "2026-06-30T19:36:28.096Z",
        "dateReserved": "2026-06-12T13:24:25.610Z",
        "dateUpdated": "2026-07-01T13:24:38.890Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-12085 (GCVE-0-2026-12085)

    Vulnerability from nvd – Published: 2026-06-30 19:38 – Updated: 2026-07-01 14:01
    VLAI
    Title
    IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptable to an Insertion of Sensitive Information Into Sent Data vulnerability
    Summary
    IBM UCD - IBM UrbanCode Deploy 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 IBM DevOps Deploy could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attacks against the system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-201 - Insertion of Sensitive Information Into Sent Data
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7277577 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM UCD - IBM UrbanCode Deploy Affected: 7.3.0 , ≤ 7.3.2.18 (semver)
        cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.3.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.3.2.18:*:*:*:*:*:*:*
    Create a notification for this product.
    IBM UCD - IBM DevOps Deploy Affected: 8.0 , ≤ 8.0.1.13 (semver)
    Affected: 8.1.0 , ≤ 8.1.2.6 (semver)
    Affected: 8.2.0 , ≤ 8.2.1.0 (semver)
        cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.0.1.13:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.2.1.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-12085",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T14:01:22.988510Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T14:01:30.936Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.3.2.18:*:*:*:*:*:*:*"
              ],
              "product": "UCD - IBM UrbanCode Deploy",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "7.3.2.18",
                  "status": "affected",
                  "version": "7.3.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.0.1.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.2.1.0:*:*:*:*:*:*:*"
              ],
              "product": "UCD - IBM DevOps Deploy",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "8.0.1.13",
                  "status": "affected",
                  "version": "8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.2.6",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.1.0",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM UCD - IBM UrbanCode Deploy 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 IBM DevOps Deploy could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attacks against the system.\u003c/p\u003e"
                }
              ],
              "value": "IBM UCD - IBM UrbanCode Deploy 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 IBM DevOps Deploy could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attacks against the system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-201",
                  "description": "CWE-201 Insertion of Sensitive Information Into Sent Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T19:38:19.293Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7277577"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly suggests the following:\u003c/p\u003e\u003cp\u003eUpgrade affected versions to any of \u003ca href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational\u0026amp;product=ibm/Rational/IBM+UrbanCode+Deploy\u0026amp;fixids=7.3.2.19-IBM-UrbanCode-Deploy\u0026amp;downloadMethod=http\" rel=\"nofollow\"\u003e7.3.2.19\u003c/a\u003e, \u003ca href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational\u0026amp;product=ibm/Rational/IBM+DevOps+Deploy\u0026amp;fixids=8.0.1.14-IBM-DevOps-Deploy\u0026amp;downloadMethod=http\" rel=\"nofollow\"\u003e8.0.1.14\u003c/a\u003e, \u003ca href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational\u0026amp;product=ibm/Rational/IBM+DevOps+Deploy\u0026amp;fixids=8.1.2.7-IBM-DevOps-Deploy\u0026amp;downloadMethod=http\" rel=\"nofollow\"\u003e8.1.2.7\u003c/a\u003e, \u003ca href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational\u0026amp;product=ibm/Rational/IBM+DevOps+Deploy\u0026amp;fixids=8.2.2.0-IBM-DevOps-Deploy\u0026amp;downloadMethod=http\" rel=\"nofollow\"\u003e8.2.2.0\u003c/a\u003e or later\u003c/p\u003e"
                }
              ],
              "value": "IBM strongly suggests the following:\n\n\n\nUpgrade affected versions to any of  7.3.2.19 https://www.ibm.com/support/fixcentral/swg/downloadFixes ,  8.0.1.14 https://www.ibm.com/support/fixcentral/swg/downloadFixes ,  8.1.2.7 https://www.ibm.com/support/fixcentral/swg/downloadFixes ,  8.2.2.0 https://www.ibm.com/support/fixcentral/swg/downloadFixes  or later"
            }
          ],
          "title": "IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptable to an Insertion of Sensitive Information Into Sent Data vulnerability",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-12085",
        "datePublished": "2026-06-30T19:38:19.293Z",
        "dateReserved": "2026-06-12T13:20:09.092Z",
        "dateUpdated": "2026-07-01T14:01:30.936Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-12084 (GCVE-0-2026-12084)

    Vulnerability from nvd – Published: 2026-06-30 19:39 – Updated: 2026-07-01 12:55
    VLAI
    Title
    IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to a Permissive Cross-domain Security Policy with Untrusted Domains
    Summary
    IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-942 - Permissive Cross-domain Security Policy with Untrusted Domains
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7277575 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM UCD - IBM DevOps Deploy Affected: 8.1.0 , ≤ 8.1.2.6 (semver)
    Affected: 8.2.0 , ≤ 8.2.1.0 (semver)
        cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.2.1.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-12084",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T12:54:58.596891Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T12:55:10.987Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.2.1.0:*:*:*:*:*:*:*"
              ],
              "product": "UCD - IBM DevOps Deploy",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "8.1.2.6",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.1.0",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains.\u003c/p\u003e"
                }
              ],
              "value": "IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-942",
                  "description": "CWE-942 Permissive Cross-domain Security Policy with Untrusted Domains",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T19:39:24.786Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7277575"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly suggests the following:\u003c/p\u003e\u003cp\u003eUpgrade affected versions to any of \u003ca href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational\u0026amp;product=ibm/Rational/IBM+DevOps+Deploy\u0026amp;fixids=8.1.2.7-IBM-DevOps-Deploy\u0026amp;downloadMethod=http\" rel=\"nofollow\"\u003e8.1.2.7\u003c/a\u003e, \u003ca href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational\u0026amp;product=ibm/Rational/IBM+DevOps+Deploy\u0026amp;fixids=8.2.2.0-IBM-DevOps-Deploy\u0026amp;downloadMethod=http\" rel=\"nofollow\"\u003e8.2.2.0\u003c/a\u003e or later\u003c/p\u003e"
                }
              ],
              "value": "IBM strongly suggests the following:\n\n\n\nUpgrade affected versions to any of  8.1.2.7 https://www.ibm.com/support/fixcentral/swg/downloadFixes ,  8.2.2.0 https://www.ibm.com/support/fixcentral/swg/downloadFixes  or later"
            }
          ],
          "title": "IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to a Permissive Cross-domain Security Policy with Untrusted Domains",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-12084",
        "datePublished": "2026-06-30T19:39:24.786Z",
        "dateReserved": "2026-06-12T13:08:26.053Z",
        "dateUpdated": "2026-07-01T12:55:10.987Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-36360 (GCVE-0-2025-36360)

    Vulnerability from nvd – Published: 2025-12-15 19:38 – Updated: 2025-12-15 20:30
    VLAI
    Title
    IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to an Insufficient Session Expiration vulnerability
    Summary
    IBM UCD - IBM UrbanCode Deploy 7.1 through 7.1.2.27, 7.2 through 7.2.3.20, and 7.3 through 7.3.2.15 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.10, and 8.1 through 8.1.2.3 is susceptible to a race condition in http-session client-IP binding enforcement which may allow a session to be briefly reused from a new IP address before it is invalidated, potentially enabling unauthorized access under certain network conditions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-613 - Insufficient Session Expiration
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7254661 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM UCD - IBM UrbanCode Deploy Affected: 7.1 , ≤ 7.1.2.27 (semver)
    Affected: 7.2 , ≤ 7.2.3.20 (semver)
    Affected: 7.3 , ≤ 7.3.2.15 (semver)
        cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.1.2.27:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.2.3.20:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.3.2.15:*:*:*:*:*:*:*
    Create a notification for this product.
    IBM UCD - IBM DevOps Deploy Affected: 8.0 , ≤ 8.0.1.10 (semver)
    Affected: 8.1 , ≤ 8.1.2.3 (semver)
        cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.0.1.10:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1.2.3:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36360",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-15T20:30:05.256376Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-15T20:30:18.476Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.1.2.27:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.2.3.20:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.3.2.15:*:*:*:*:*:*:*"
              ],
              "product": "UCD - IBM UrbanCode Deploy",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "7.1.2.27",
                  "status": "affected",
                  "version": "7.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.3.20",
                  "status": "affected",
                  "version": "7.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.3.2.15",
                  "status": "affected",
                  "version": "7.3",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.0.1.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1.2.3:*:*:*:*:*:*:*"
              ],
              "product": "UCD - IBM DevOps Deploy",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "8.0.1.10",
                  "status": "affected",
                  "version": "8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.2.3",
                  "status": "affected",
                  "version": "8.1",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM UCD - IBM UrbanCode Deploy 7.1 through 7.1.2.27, 7.2 through 7.2.3.20, and 7.3 through 7.3.2.15 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.10, and 8.1 through 8.1.2.3 is susceptible to a race condition in http-session client-IP binding enforcement which may allow a session to be briefly reused from a new IP address before it is invalidated, potentially enabling unauthorized access under certain network conditions.\u003c/p\u003e"
                }
              ],
              "value": "IBM UCD - IBM UrbanCode Deploy 7.1 through 7.1.2.27, 7.2 through 7.2.3.20, and 7.3 through 7.3.2.15 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.10, and 8.1 through 8.1.2.3 is susceptible to a race condition in http-session client-IP binding enforcement which may allow a session to be briefly reused from a new IP address before it is invalidated, potentially enabling unauthorized access under certain network conditions."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-613",
                  "description": "CWE-613 Insufficient Session Expiration",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-15T19:39:21.484Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7254661"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eRemediation/Fixes IBM strongly suggests the following: Upgrade affected versions to any of 7.1.2.28 , 7.2.3.21 , 7.3.2.16 , 8.0.1.11 , 8.1.2.4 , 8.2.0.0 or later\u003c/p\u003e"
                }
              ],
              "value": "Remediation/Fixes IBM strongly suggests the following: Upgrade affected versions to any of 7.1.2.28 , 7.2.3.21 , 7.3.2.16 , 8.0.1.11 , 8.1.2.4 , 8.2.0.0 or later"
            }
          ],
          "title": "IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to an Insufficient Session Expiration vulnerability",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36360",
        "datePublished": "2025-12-15T19:38:57.832Z",
        "dateReserved": "2025-04-15T21:16:55.331Z",
        "dateUpdated": "2025-12-15T20:30:18.476Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-14148 (GCVE-0-2025-14148)

    Vulnerability from nvd – Published: 2025-12-15 19:43 – Updated: 2025-12-15 20:27
    VLAI
    Title
    IBM DevOps Deploy is susceptible to a Insufficiently Protected Credentials vulnerability
    Summary
    IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 could allow an authenticated user with LLM integration configuration privileges to recover a previously saved LLM API Token.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-522 - Insufficiently Protected Credentials
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7254663 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM UCD - IBM DevOps Deploy Affected: 8.1 , ≤ 8.1.2.3 (semver)
        cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1.2.3:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-14148",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-15T20:26:24.957891Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-15T20:27:13.721Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1.2.3:*:*:*:*:*:*:*"
              ],
              "product": "UCD - IBM DevOps Deploy",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "8.1.2.3",
                  "status": "affected",
                  "version": "8.1",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 could allow an authenticated user with LLM integration configuration privileges to recover a previously saved LLM API Token.\u003c/p\u003e"
                }
              ],
              "value": "IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 could allow an authenticated user with LLM integration configuration privileges to recover a previously saved LLM API Token."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-522",
                  "description": "CWE-522 Insufficiently Protected Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-15T19:45:23.132Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7254663"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eRemediation/Fixes IBM strongly suggests the following: Upgrade affected versions to any of 8.1.2.4 , 8.2.0.0 or later\u003c/p\u003e"
                }
              ],
              "value": "Remediation/Fixes IBM strongly suggests the following: Upgrade affected versions to any of 8.1.2.4 , 8.2.0.0 or later"
            }
          ],
          "title": "IBM DevOps Deploy is susceptible to a Insufficiently Protected Credentials vulnerability",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-14148",
        "datePublished": "2025-12-15T19:43:07.880Z",
        "dateReserved": "2025-12-05T19:00:10.655Z",
        "dateUpdated": "2025-12-15T20:27:13.721Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13489 (GCVE-0-2025-13489)

    Vulnerability from nvd – Published: 2025-12-15 19:51 – Updated: 2025-12-26 13:12
    VLAI
    Title
    IBM DevOps Deploy is susceptible to a Cleartext Transmission of Sensitive Information
    Summary
    IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 IBM DevOps Deploy transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-319 - Cleartext Transmission of Sensitive Information
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7254662 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM UCD - IBM DevOps Deploy Affected: 8.1 , ≤ 8.1.2.3 (semver)
        cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1.2.3:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13489",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-15T20:19:51.112738Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-15T20:19:59.521Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1.2.3:*:*:*:*:*:*:*"
              ],
              "product": "UCD - IBM DevOps Deploy",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "8.1.2.3",
                  "status": "affected",
                  "version": "8.1",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 IBM DevOps Deploy transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques.\u003c/p\u003e"
                }
              ],
              "value": "IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 IBM DevOps Deploy transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-319",
                  "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-26T13:12:41.505Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7254662"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eRemediation/Fixes IBM strongly suggests the following: Upgrade affected versions to any of 8.1.2.4 , 8.2.0.0 or later\u003c/p\u003e"
                }
              ],
              "value": "Remediation/Fixes IBM strongly suggests the following: Upgrade affected versions to any of 8.1.2.4 , 8.2.0.0 or later"
            }
          ],
          "title": "IBM DevOps Deploy is susceptible to a Cleartext Transmission of Sensitive Information",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-13489",
        "datePublished": "2025-12-15T19:51:13.534Z",
        "dateReserved": "2025-11-20T20:25:06.479Z",
        "dateUpdated": "2025-12-26T13:12:41.505Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-12084 (GCVE-0-2026-12084)

    Vulnerability from cvelistv5 – Published: 2026-06-30 19:39 – Updated: 2026-07-01 12:55
    VLAI
    Title
    IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to a Permissive Cross-domain Security Policy with Untrusted Domains
    Summary
    IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-942 - Permissive Cross-domain Security Policy with Untrusted Domains
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7277575 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM UCD - IBM DevOps Deploy Affected: 8.1.0 , ≤ 8.1.2.6 (semver)
    Affected: 8.2.0 , ≤ 8.2.1.0 (semver)
        cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.2.1.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-12084",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T12:54:58.596891Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T12:55:10.987Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.2.1.0:*:*:*:*:*:*:*"
              ],
              "product": "UCD - IBM DevOps Deploy",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "8.1.2.6",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.1.0",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains.\u003c/p\u003e"
                }
              ],
              "value": "IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-942",
                  "description": "CWE-942 Permissive Cross-domain Security Policy with Untrusted Domains",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T19:39:24.786Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7277575"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly suggests the following:\u003c/p\u003e\u003cp\u003eUpgrade affected versions to any of \u003ca href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational\u0026amp;product=ibm/Rational/IBM+DevOps+Deploy\u0026amp;fixids=8.1.2.7-IBM-DevOps-Deploy\u0026amp;downloadMethod=http\" rel=\"nofollow\"\u003e8.1.2.7\u003c/a\u003e, \u003ca href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational\u0026amp;product=ibm/Rational/IBM+DevOps+Deploy\u0026amp;fixids=8.2.2.0-IBM-DevOps-Deploy\u0026amp;downloadMethod=http\" rel=\"nofollow\"\u003e8.2.2.0\u003c/a\u003e or later\u003c/p\u003e"
                }
              ],
              "value": "IBM strongly suggests the following:\n\n\n\nUpgrade affected versions to any of  8.1.2.7 https://www.ibm.com/support/fixcentral/swg/downloadFixes ,  8.2.2.0 https://www.ibm.com/support/fixcentral/swg/downloadFixes  or later"
            }
          ],
          "title": "IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to a Permissive Cross-domain Security Policy with Untrusted Domains",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-12084",
        "datePublished": "2026-06-30T19:39:24.786Z",
        "dateReserved": "2026-06-12T13:08:26.053Z",
        "dateUpdated": "2026-07-01T12:55:10.987Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-12085 (GCVE-0-2026-12085)

    Vulnerability from cvelistv5 – Published: 2026-06-30 19:38 – Updated: 2026-07-01 14:01
    VLAI
    Title
    IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptable to an Insertion of Sensitive Information Into Sent Data vulnerability
    Summary
    IBM UCD - IBM UrbanCode Deploy 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 IBM DevOps Deploy could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attacks against the system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-201 - Insertion of Sensitive Information Into Sent Data
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7277577 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM UCD - IBM UrbanCode Deploy Affected: 7.3.0 , ≤ 7.3.2.18 (semver)
        cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.3.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.3.2.18:*:*:*:*:*:*:*
    Create a notification for this product.
    IBM UCD - IBM DevOps Deploy Affected: 8.0 , ≤ 8.0.1.13 (semver)
    Affected: 8.1.0 , ≤ 8.1.2.6 (semver)
    Affected: 8.2.0 , ≤ 8.2.1.0 (semver)
        cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.0.1.13:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.2.1.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-12085",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T14:01:22.988510Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T14:01:30.936Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.3.2.18:*:*:*:*:*:*:*"
              ],
              "product": "UCD - IBM UrbanCode Deploy",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "7.3.2.18",
                  "status": "affected",
                  "version": "7.3.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.0.1.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.2.1.0:*:*:*:*:*:*:*"
              ],
              "product": "UCD - IBM DevOps Deploy",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "8.0.1.13",
                  "status": "affected",
                  "version": "8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.2.6",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.1.0",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM UCD - IBM UrbanCode Deploy 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 IBM DevOps Deploy could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attacks against the system.\u003c/p\u003e"
                }
              ],
              "value": "IBM UCD - IBM UrbanCode Deploy 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 IBM DevOps Deploy could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attacks against the system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-201",
                  "description": "CWE-201 Insertion of Sensitive Information Into Sent Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T19:38:19.293Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7277577"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly suggests the following:\u003c/p\u003e\u003cp\u003eUpgrade affected versions to any of \u003ca href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational\u0026amp;product=ibm/Rational/IBM+UrbanCode+Deploy\u0026amp;fixids=7.3.2.19-IBM-UrbanCode-Deploy\u0026amp;downloadMethod=http\" rel=\"nofollow\"\u003e7.3.2.19\u003c/a\u003e, \u003ca href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational\u0026amp;product=ibm/Rational/IBM+DevOps+Deploy\u0026amp;fixids=8.0.1.14-IBM-DevOps-Deploy\u0026amp;downloadMethod=http\" rel=\"nofollow\"\u003e8.0.1.14\u003c/a\u003e, \u003ca href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational\u0026amp;product=ibm/Rational/IBM+DevOps+Deploy\u0026amp;fixids=8.1.2.7-IBM-DevOps-Deploy\u0026amp;downloadMethod=http\" rel=\"nofollow\"\u003e8.1.2.7\u003c/a\u003e, \u003ca href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational\u0026amp;product=ibm/Rational/IBM+DevOps+Deploy\u0026amp;fixids=8.2.2.0-IBM-DevOps-Deploy\u0026amp;downloadMethod=http\" rel=\"nofollow\"\u003e8.2.2.0\u003c/a\u003e or later\u003c/p\u003e"
                }
              ],
              "value": "IBM strongly suggests the following:\n\n\n\nUpgrade affected versions to any of  7.3.2.19 https://www.ibm.com/support/fixcentral/swg/downloadFixes ,  8.0.1.14 https://www.ibm.com/support/fixcentral/swg/downloadFixes ,  8.1.2.7 https://www.ibm.com/support/fixcentral/swg/downloadFixes ,  8.2.2.0 https://www.ibm.com/support/fixcentral/swg/downloadFixes  or later"
            }
          ],
          "title": "IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptable to an Insertion of Sensitive Information Into Sent Data vulnerability",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-12085",
        "datePublished": "2026-06-30T19:38:19.293Z",
        "dateReserved": "2026-06-12T13:20:09.092Z",
        "dateUpdated": "2026-07-01T14:01:30.936Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-12086 (GCVE-0-2026-12086)

    Vulnerability from cvelistv5 – Published: 2026-06-30 19:36 – Updated: 2026-07-01 13:24
    VLAI
    Title
    IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to a Insertion of Sensitive Information into Log File Vulnerability
    Summary
    IBM UCD - IBM UrbanCode Deploy 7.2 through 7.2.3.23, and 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 stores potentially sensitive information in log files that could be read by a local user.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-532 - Insertion of Sensitive Information into Log File
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7277576 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM UCD - IBM UrbanCode Deploy Affected: 7.2.0 , ≤ 7.2.3.23 (semver)
    Affected: 7.3.0 , ≤ 7.3.2.18 (semver)
        cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.2.3.23:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.3.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.3.2.18:*:*:*:*:*:*:*
    Create a notification for this product.
    IBM UCD - IBM DevOps Deploy Affected: 8.0 , ≤ 8.0.1.13 (semver)
    Affected: 8.1.0 , ≤ 8.1.2.6 (semver)
    Affected: 8.2.0 , ≤ 8.2.1.0 (semver)
        cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.0.1.13:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.2.1.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-12086",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T13:24:27.725922Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T13:24:38.890Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.2.3.23:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.3.2.18:*:*:*:*:*:*:*"
              ],
              "product": "UCD - IBM UrbanCode Deploy",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "7.2.3.23",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.3.2.18",
                  "status": "affected",
                  "version": "7.3.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.0.1.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.2.1.0:*:*:*:*:*:*:*"
              ],
              "product": "UCD - IBM DevOps Deploy",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "8.0.1.13",
                  "status": "affected",
                  "version": "8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.2.6",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.1.0",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM UCD - IBM UrbanCode Deploy 7.2 through 7.2.3.23, and 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 stores potentially sensitive information in log files that could be read by a local user.\u003c/p\u003e"
                }
              ],
              "value": "IBM UCD - IBM UrbanCode Deploy 7.2 through 7.2.3.23, and 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 stores potentially sensitive information in log files that could be read by a local user."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "CWE-532 Insertion of Sensitive Information into Log File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T19:36:28.096Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7277576"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly suggests the following:\u003c/p\u003e\u003cp\u003eUpgrade affected versions to any of \u003ca href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational\u0026amp;product=ibm/Rational/IBM+UrbanCode+Deploy\u0026amp;fixids=7.2.3.24+-IBM-UrbanCode-Deploy\u0026amp;\u0026amp;downloadMethod=http\" rel=\"nofollow\"\u003e7.2.3.24\u003c/a\u003e, \u003ca href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational\u0026amp;product=ibm/Rational/IBM+UrbanCode+Deploy\u0026amp;fixids=7.3.2.19-IBM-UrbanCode-Deploy\u0026amp;downloadMethod=http\" rel=\"nofollow\"\u003e7.3.2.19\u003c/a\u003e, \u003ca href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational\u0026amp;product=ibm/Rational/IBM+DevOps+Deploy\u0026amp;fixids=8.0.1.14-IBM-DevOps-Deploy\u0026amp;downloadMethod=http\" rel=\"nofollow\"\u003e8.0.1.14\u003c/a\u003e, \u003ca href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational\u0026amp;product=ibm/Rational/IBM+DevOps+Deploy\u0026amp;fixids=8.1.2.7-IBM-DevOps-Deploy\u0026amp;downloadMethod=http\" rel=\"nofollow\"\u003e8.1.2.7\u003c/a\u003e, \u003ca href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational\u0026amp;product=ibm/Rational/IBM+DevOps+Deploy\u0026amp;fixids=8.2.2.0-IBM-DevOps-Deploy\u0026amp;downloadMethod=http\" rel=\"nofollow\"\u003e8.2.2.0\u003c/a\u003e or later\u003c/p\u003e"
                }
              ],
              "value": "IBM strongly suggests the following:\n\n\n\nUpgrade affected versions to any of  7.2.3.24 https://www.ibm.com/support/fixcentral/swg/downloadFixes ,  7.3.2.19 https://www.ibm.com/support/fixcentral/swg/downloadFixes ,  8.0.1.14 https://www.ibm.com/support/fixcentral/swg/downloadFixes ,  8.1.2.7 https://www.ibm.com/support/fixcentral/swg/downloadFixes ,  8.2.2.0 https://www.ibm.com/support/fixcentral/swg/downloadFixes  or later"
            }
          ],
          "title": "IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to a Insertion of Sensitive Information into Log File Vulnerability",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-12086",
        "datePublished": "2026-06-30T19:36:28.096Z",
        "dateReserved": "2026-06-12T13:24:25.610Z",
        "dateUpdated": "2026-07-01T13:24:38.890Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13489 (GCVE-0-2025-13489)

    Vulnerability from cvelistv5 – Published: 2025-12-15 19:51 – Updated: 2025-12-26 13:12
    VLAI
    Title
    IBM DevOps Deploy is susceptible to a Cleartext Transmission of Sensitive Information
    Summary
    IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 IBM DevOps Deploy transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-319 - Cleartext Transmission of Sensitive Information
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7254662 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM UCD - IBM DevOps Deploy Affected: 8.1 , ≤ 8.1.2.3 (semver)
        cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1.2.3:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13489",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-15T20:19:51.112738Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-15T20:19:59.521Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1.2.3:*:*:*:*:*:*:*"
              ],
              "product": "UCD - IBM DevOps Deploy",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "8.1.2.3",
                  "status": "affected",
                  "version": "8.1",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 IBM DevOps Deploy transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques.\u003c/p\u003e"
                }
              ],
              "value": "IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 IBM DevOps Deploy transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-319",
                  "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-26T13:12:41.505Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7254662"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eRemediation/Fixes IBM strongly suggests the following: Upgrade affected versions to any of 8.1.2.4 , 8.2.0.0 or later\u003c/p\u003e"
                }
              ],
              "value": "Remediation/Fixes IBM strongly suggests the following: Upgrade affected versions to any of 8.1.2.4 , 8.2.0.0 or later"
            }
          ],
          "title": "IBM DevOps Deploy is susceptible to a Cleartext Transmission of Sensitive Information",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-13489",
        "datePublished": "2025-12-15T19:51:13.534Z",
        "dateReserved": "2025-11-20T20:25:06.479Z",
        "dateUpdated": "2025-12-26T13:12:41.505Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-14148 (GCVE-0-2025-14148)

    Vulnerability from cvelistv5 – Published: 2025-12-15 19:43 – Updated: 2025-12-15 20:27
    VLAI
    Title
    IBM DevOps Deploy is susceptible to a Insufficiently Protected Credentials vulnerability
    Summary
    IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 could allow an authenticated user with LLM integration configuration privileges to recover a previously saved LLM API Token.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-522 - Insufficiently Protected Credentials
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7254663 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM UCD - IBM DevOps Deploy Affected: 8.1 , ≤ 8.1.2.3 (semver)
        cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1.2.3:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-14148",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-15T20:26:24.957891Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-15T20:27:13.721Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1.2.3:*:*:*:*:*:*:*"
              ],
              "product": "UCD - IBM DevOps Deploy",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "8.1.2.3",
                  "status": "affected",
                  "version": "8.1",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 could allow an authenticated user with LLM integration configuration privileges to recover a previously saved LLM API Token.\u003c/p\u003e"
                }
              ],
              "value": "IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 could allow an authenticated user with LLM integration configuration privileges to recover a previously saved LLM API Token."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-522",
                  "description": "CWE-522 Insufficiently Protected Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-15T19:45:23.132Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7254663"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eRemediation/Fixes IBM strongly suggests the following: Upgrade affected versions to any of 8.1.2.4 , 8.2.0.0 or later\u003c/p\u003e"
                }
              ],
              "value": "Remediation/Fixes IBM strongly suggests the following: Upgrade affected versions to any of 8.1.2.4 , 8.2.0.0 or later"
            }
          ],
          "title": "IBM DevOps Deploy is susceptible to a Insufficiently Protected Credentials vulnerability",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-14148",
        "datePublished": "2025-12-15T19:43:07.880Z",
        "dateReserved": "2025-12-05T19:00:10.655Z",
        "dateUpdated": "2025-12-15T20:27:13.721Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-36360 (GCVE-0-2025-36360)

    Vulnerability from cvelistv5 – Published: 2025-12-15 19:38 – Updated: 2025-12-15 20:30
    VLAI
    Title
    IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to an Insufficient Session Expiration vulnerability
    Summary
    IBM UCD - IBM UrbanCode Deploy 7.1 through 7.1.2.27, 7.2 through 7.2.3.20, and 7.3 through 7.3.2.15 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.10, and 8.1 through 8.1.2.3 is susceptible to a race condition in http-session client-IP binding enforcement which may allow a session to be briefly reused from a new IP address before it is invalidated, potentially enabling unauthorized access under certain network conditions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-613 - Insufficient Session Expiration
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7254661 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM UCD - IBM UrbanCode Deploy Affected: 7.1 , ≤ 7.1.2.27 (semver)
    Affected: 7.2 , ≤ 7.2.3.20 (semver)
    Affected: 7.3 , ≤ 7.3.2.15 (semver)
        cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.1.2.27:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.2.3.20:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.3.2.15:*:*:*:*:*:*:*
    Create a notification for this product.
    IBM UCD - IBM DevOps Deploy Affected: 8.0 , ≤ 8.0.1.10 (semver)
    Affected: 8.1 , ≤ 8.1.2.3 (semver)
        cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.0.1.10:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1.2.3:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36360",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-15T20:30:05.256376Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-15T20:30:18.476Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.1.2.27:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.2.3.20:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.3.2.15:*:*:*:*:*:*:*"
              ],
              "product": "UCD - IBM UrbanCode Deploy",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "7.1.2.27",
                  "status": "affected",
                  "version": "7.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.3.20",
                  "status": "affected",
                  "version": "7.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.3.2.15",
                  "status": "affected",
                  "version": "7.3",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.0.1.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1.2.3:*:*:*:*:*:*:*"
              ],
              "product": "UCD - IBM DevOps Deploy",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "8.0.1.10",
                  "status": "affected",
                  "version": "8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.2.3",
                  "status": "affected",
                  "version": "8.1",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM UCD - IBM UrbanCode Deploy 7.1 through 7.1.2.27, 7.2 through 7.2.3.20, and 7.3 through 7.3.2.15 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.10, and 8.1 through 8.1.2.3 is susceptible to a race condition in http-session client-IP binding enforcement which may allow a session to be briefly reused from a new IP address before it is invalidated, potentially enabling unauthorized access under certain network conditions.\u003c/p\u003e"
                }
              ],
              "value": "IBM UCD - IBM UrbanCode Deploy 7.1 through 7.1.2.27, 7.2 through 7.2.3.20, and 7.3 through 7.3.2.15 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.10, and 8.1 through 8.1.2.3 is susceptible to a race condition in http-session client-IP binding enforcement which may allow a session to be briefly reused from a new IP address before it is invalidated, potentially enabling unauthorized access under certain network conditions."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-613",
                  "description": "CWE-613 Insufficient Session Expiration",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-15T19:39:21.484Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7254661"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eRemediation/Fixes IBM strongly suggests the following: Upgrade affected versions to any of 7.1.2.28 , 7.2.3.21 , 7.3.2.16 , 8.0.1.11 , 8.1.2.4 , 8.2.0.0 or later\u003c/p\u003e"
                }
              ],
              "value": "Remediation/Fixes IBM strongly suggests the following: Upgrade affected versions to any of 7.1.2.28 , 7.2.3.21 , 7.3.2.16 , 8.0.1.11 , 8.1.2.4 , 8.2.0.0 or later"
            }
          ],
          "title": "IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to an Insufficient Session Expiration vulnerability",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36360",
        "datePublished": "2025-12-15T19:38:57.832Z",
        "dateReserved": "2025-04-15T21:16:55.331Z",
        "dateUpdated": "2025-12-15T20:30:18.476Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }