Description
IBM UCD - IBM UrbanCode Deploy 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 IBM DevOps Deploy could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attacks against the system.
Severity (CVSS)
| Base score | 6.5 |
|---|---|
| Severity | Medium |
| Version | CVSS 3.1 |
| Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| Provided by | CNA |
Weaknesses
- CWE-201 — CWE-201 Insertion of Sensitive Information Into Sent Data
Affected products
| Vendor | Product | Versions |
|---|---|---|
| IBM | UCD - IBM UrbanCode Deploy | 7.3.0 to <=7.3.2.18 |
| IBM | UCD - IBM DevOps Deploy | 8.0 to <=8.0.1.13; 8.1.0 to <=8.1.2.6; 8.2.0 to <=8.2.1.0 |
References
- https://www.ibm.com/support/pages/node/7277577 (vendor-advisory patch)
Generated from the official CVE List on 01 Jul 2026 07:05 UTC.