Ucd Ibm Devops Deploy Ucd Ibm Devops Deploy

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Ucd Ibm Devops Deploy.

By the Year

In 2026 there have been 3 vulnerabilities in Ucd Ibm Devops Deploy with an average score of 6.0 out of ten. Last year, in 2025 Ucd Ibm Devops Deploy had 3 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Ucd Ibm Devops Deploy in 2026 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.23.

Year Vulnerabilities Average Score
2026 3 6.03
2025 3 5.80

It may take a day or so for new Ucd Ibm Devops Deploy vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Ucd Ibm Devops Deploy Security Vulnerabilities

CORS Misconfig in IBM DevOps Deploy 8.1-8.2.1.0 Enables Privileged Access
CVE-2026-12084 5.4 - Medium - June 30, 2026

IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains.

Permissive Cross-domain Policy with Untrusted Domains

IBM UCD/DevOps Deploy 7.3-8.2 API Response Sensitive Disclosure
CVE-2026-12085 6.5 - Medium - June 30, 2026

IBM UCD - IBM UrbanCode Deploy 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 IBM DevOps Deploy could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attacks against the system.

Insertion of Sensitive Information Into Sent Data

IBM UrbanCode Deploy UCD 7.2-8.2 - Sensitive Log File Leakage
CVE-2026-12086 6.2 - Medium - June 30, 2026

IBM UCD - IBM UrbanCode Deploy 7.2 through 7.2.3.23, and 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 stores potentially sensitive information in log files that could be read by a local user.

Insertion of Sensitive Information into Log File

IBM DevOps Deploy 8.1-8.1.2.3 Transmits Clear-Text Data (MITM)
CVE-2025-13489 5.9 - Medium - December 15, 2025

IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 IBM DevOps Deploy transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques.

Cleartext Transmission of Sensitive Information

IBM DevOps Deploy 8.1-8.1.2.3 LLM Token Leak via Authenticated Config Priv
CVE-2025-14148 6.5 - Medium - December 15, 2025

IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 could allow an authenticated user with LLM integration configuration privileges to recover a previously saved LLM API Token.

Insufficiently Protected Credentials

IBM UrbanCode Deploy 7.x-8.x Race Condition: http-session IP BND
CVE-2025-36360 5 - Medium - December 15, 2025

IBM UCD - IBM UrbanCode Deploy 7.1 through 7.1.2.27, 7.2 through 7.2.3.20, and 7.3 through 7.3.2.15 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.10, and 8.1 through 8.1.2.3 is susceptible to a race condition in http-session client-IP binding enforcement which may allow a session to be briefly reused from a new IP address before it is invalidated, potentially enabling unauthorized access under certain network conditions.

Insufficient Session Expiration

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Ucd Ibm Devops Deploy or by IBM? Click the Watch button to subscribe.

IBM
Vendor

subscribe