Skip to main content

Devops Deploy

16 CVEs product

Monthly

CVE-2026-12086 MEDIUM This Month

Sensitive information disclosure in IBM UrbanCode Deploy and IBM DevOps Deploy exposes potentially sensitive data to any local user who can read application log files. Affected are UrbanCode Deploy 7.2 through 7.2.3.23 and 7.3 through 7.3.2.18, as well as DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0. No public exploit code exists and this vulnerability is not listed in the CISA KEV catalog, but the local no-privilege vector combined with high confidentiality impact makes this a meaningful insider threat and post-compromise escalation vector in enterprise CI/CD environments.

IBM Information Disclosure Devops Deploy Urbancode Deploy
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-12085 MEDIUM This Month

Sensitive configuration and secret disclosure in IBM UrbanCode Deploy (7.3-7.3.2.18) and IBM DevOps Deploy (8.0-8.2.1.0) exposes credentials and configuration data to any authenticated low-privilege user via API responses. The exposed secrets can serve as a direct launchpad for privilege escalation or lateral movement within the CI/CD pipeline and connected deployment targets. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis, though the CVSS-assigned high confidentiality impact reflects real post-authentication risk.

IBM Information Disclosure Devops Deploy Urbancode Deploy
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-12084 HIGH This Week

Sensitive information disclosure and unauthorized privileged actions in IBM DevOps Deploy (formerly UrbanCode Deploy/UCD) versions 8.1.0 through 8.1.2.6 and 8.2.0 through 8.2.1.0 stem from an overly permissive Cross-Origin Resource Sharing (CORS) policy that fails to restrict requests to trusted domains. An attacker who lures an authenticated user to a malicious web page can leverage the victim's session across origins to read confidential data and invoke privileged operations. No public exploit identified at time of analysis, and EPSS is low (0.15%, 5th percentile), consistent with CISA SSVC scoring exploitation as 'none'.

IBM Cors Misconfiguration Information Disclosure Devops Deploy
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-36162 MEDIUM Monitor

IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) 8.1 before 8.1.2.2 could allow an authenticated user to obtain sensitive information about configuration on the system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Devops Deploy
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-1998 MEDIUM This Month

IBM UrbanCode Deploy (UCD) through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 stores potentially sensitive authentication. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure IBM Devops Deploy Urbancode Deploy
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-1997 MEDIUM This Month

IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 is vulnerable to HTML. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM XSS Devops Deploy Urbancode Deploy
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-56469 MEDIUM This Month

IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.22, 7.2 through 7.2.3.15, and 7.3 through 7.3.2.10 / IBM DevOps Deploy 8.0 through 8.0.1.5 and 8.1 through 8.1.0.1 could allow unauthorized access to. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Authentication Bypass Devops Deploy Urbancode Deploy
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2024-55904 HIGH This Week

IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 / IBM UrbanCode Deploy 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.9 could allow a remote. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection IBM Devops Deploy Urbancode Deploy
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-54176 MEDIUM This Month

IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 and IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14 and 7.3 through 7.3.2 could allow an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Devops Deploy Urbancode Deploy
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-51472 LOW Monitor

IBM UrbanCode Deploy (UCD) 7.2 through 7.2.3.13, 7.3 through 7.3.2.8, and IBM DevOps Deploy 8.0 through 8.0.1.3 are vulnerable to HTML injection. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure XSS Devops Deploy Urbancode Deploy
NVD
CVSS 3.1
3.1
EPSS
0.1%
CVE-2024-28781 MEDIUM This Month

IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4, and 8.0 through 8.0.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Devops Deploy Urbancode Deploy
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-22359 MEDIUM This Month

IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 are vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Devops Deploy Urbancode Deploy
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-22358 HIGH This Week

IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 does not invalidate session after logout. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Devops Deploy Urbancode Deploy
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-22339 MEDIUM This Month

IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 is vulnerable to a sensitive information due. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Devops Deploy Urbancode Deploy
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-22334 MEDIUM This Month

IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 could be vulnerable to incomplete revocation. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Devops Deploy Urbancode Deploy
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2024-22331 MEDIUM This Month

IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.19, 7.1 through 7.1.2.15, 7.2 through 7.2.3.8, 7.3 through 7.3.2.3, and IBM UrbanCode Deploy (UCD) - IBM DevOps Deploy 8.0.0.0 could disclose sensitive. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Microsoft Urbancode Deploy Devops Deploy
NVD
CVSS 3.1
5.5
EPSS
0.2%
EPSS 0% CVSS 5.5
MEDIUM This Month

Sensitive information disclosure in IBM UrbanCode Deploy and IBM DevOps Deploy exposes potentially sensitive data to any local user who can read application log files. Affected are UrbanCode Deploy 7.2 through 7.2.3.23 and 7.3 through 7.3.2.18, as well as DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0. No public exploit code exists and this vulnerability is not listed in the CISA KEV catalog, but the local no-privilege vector combined with high confidentiality impact makes this a meaningful insider threat and post-compromise escalation vector in enterprise CI/CD environments.

IBM Information Disclosure Devops Deploy +1
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Sensitive configuration and secret disclosure in IBM UrbanCode Deploy (7.3-7.3.2.18) and IBM DevOps Deploy (8.0-8.2.1.0) exposes credentials and configuration data to any authenticated low-privilege user via API responses. The exposed secrets can serve as a direct launchpad for privilege escalation or lateral movement within the CI/CD pipeline and connected deployment targets. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis, though the CVSS-assigned high confidentiality impact reflects real post-authentication risk.

IBM Information Disclosure Devops Deploy +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Sensitive information disclosure and unauthorized privileged actions in IBM DevOps Deploy (formerly UrbanCode Deploy/UCD) versions 8.1.0 through 8.1.2.6 and 8.2.0 through 8.2.1.0 stem from an overly permissive Cross-Origin Resource Sharing (CORS) policy that fails to restrict requests to trusted domains. An attacker who lures an authenticated user to a malicious web page can leverage the victim's session across origins to read confidential data and invoke privileged operations. No public exploit identified at time of analysis, and EPSS is low (0.15%, 5th percentile), consistent with CISA SSVC scoring exploitation as 'none'.

IBM Cors Misconfiguration Information Disclosure +1
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM Monitor

IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) 8.1 before 8.1.2.2 could allow an authenticated user to obtain sensitive information about configuration on the system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Devops Deploy
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

IBM UrbanCode Deploy (UCD) through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 stores potentially sensitive authentication. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure IBM Devops Deploy +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 is vulnerable to HTML. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM XSS +2
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.22, 7.2 through 7.2.3.15, and 7.3 through 7.3.2.10 / IBM DevOps Deploy 8.0 through 8.0.1.5 and 8.1 through 8.1.0.1 could allow unauthorized access to. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Authentication Bypass +2
NVD
EPSS 1% CVSS 7.2
HIGH This Week

IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 / IBM UrbanCode Deploy 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.9 could allow a remote. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection IBM Devops Deploy +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 and IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14 and 7.3 through 7.3.2 could allow an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Devops Deploy +1
NVD
EPSS 0% CVSS 3.1
LOW Monitor

IBM UrbanCode Deploy (UCD) 7.2 through 7.2.3.13, 7.3 through 7.3.2.8, and IBM DevOps Deploy 8.0 through 8.0.1.3 are vulnerable to HTML injection. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure XSS +2
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4, and 8.0 through 8.0.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Devops Deploy +1
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 are vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Devops Deploy +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 does not invalidate session after logout. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Devops Deploy +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 is vulnerable to a sensitive information due. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Devops Deploy +1
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 could be vulnerable to incomplete revocation. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Devops Deploy +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.19, 7.1 through 7.1.2.15, 7.2 through 7.2.3.8, 7.3 through 7.3.2.3, and IBM UrbanCode Deploy (UCD) - IBM DevOps Deploy 8.0.0.0 could disclose sensitive. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Microsoft +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy