Description

IBM UCD - IBM UrbanCode Deploy 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 IBM DevOps Deploy could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attacks against the system.

Severity (CVSS)

Base score6.5
SeverityMedium
VersionCVSS 3.1
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Provided byCNA

Weaknesses

  • CWE-201 — CWE-201 Insertion of Sensitive Information Into Sent Data

Affected products

VendorProductVersions
IBMUCD - IBM UrbanCode Deploy7.3.0 to <=7.3.2.18
IBMUCD - IBM DevOps Deploy8.0 to <=8.0.1.13; 8.1.0 to <=8.1.2.6; 8.2.0 to <=8.2.1.0

References

Authoritative sources

This page is a snapshot. For the latest enrichment and updates, view the record on CVE.org or the NVD.

Generated from the official CVE List on 01 Jul 2026 07:05 UTC.