Description
IBM UCD - IBM UrbanCode Deploy 7.2 through 7.2.3.23, and 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 stores potentially sensitive information in log files that could be read by a local user.
Published: 2026-06-30
Score: 6.2 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows a local user to read log files that contain potentially sensitive information, such as credentials or confidential deployment details, resulting in confidential data exposure and undermining trust in deployment pipelines. It stems from improper handling of log content, classified as a log file containment weakness.

Affected Systems

IBM DevOps Deploy and IBM UrbanCode Deploy (UCD) are affected. Versions 7.2 through 7.2.3.23 and 7.3 through 7.3.2.18 of IBM UrbanCode Deploy, and versions 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 of IBM DevOps Deploy. Specific impacted releases include 7.2.3.23, 7.3.2.18, 8.0.1.13, 8.1.2.6, and 8.2.1.0.

Risk and Exploitability

The CVSS score of 6.2 indicates a moderate severity. The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires local user privileges with access to the log directory, making it a local information disclosure risk. An attacker with such access can read the logs and extract sensitive data; the exploit path is straightforward and does not require advanced skills.

Generated by OpenCVE AI on June 30, 2026 at 21:51 UTC.

Remediation

Vendor Solution

IBM strongly suggests the following: Upgrade affected versions to any of 7.2.3.24 https://www.ibm.com/support/fixcentral/swg/downloadFixes , 7.3.2.19 https://www.ibm.com/support/fixcentral/swg/downloadFixes , 8.0.1.14 https://www.ibm.com/support/fixcentral/swg/downloadFixes , 8.1.2.7 https://www.ibm.com/support/fixcentral/swg/downloadFixes , 8.2.2.0 https://www.ibm.com/support/fixcentral/swg/downloadFixes or later


OpenCVE Recommended Actions

  • Upgrade to any of the supported IBM UCD releases in the provided solution links (7.2.3.24 or later, 7.3.2.19 or later, 8.0.1.14 or later, 8.1.2.7 or later, 8.2.2.0 or later).
  • Verify log file permissions restrict access to privileged users only, ensuring that local users cannot read sensitive logs.
  • Configure the application to avoid logging sensitive data such as credentials or internal tokens, or apply log filtering to remove such content before it is written to disk.

Generated by OpenCVE AI on June 30, 2026 at 21:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 30 Jun 2026 20:15:00 +0000

Type Values Removed Values Added
Description IBM UCD - IBM UrbanCode Deploy 7.2 through 7.2.3.23, and 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 stores potentially sensitive information in log files that could be read by a local user.
Title IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to a Insertion of Sensitive Information into Log File Vulnerability
First Time appeared Ibm
Ibm ucd Ibm Devops Deploy
Ibm ucd Ibm Urbancode Deploy
Weaknesses CWE-532
CPEs cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.0.1.13:*:*:*:*:*:*:*
cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1.2.6:*:*:*:*:*:*:*
cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.2.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.2.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.2.3.23:*:*:*:*:*:*:*
cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.3.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.3.2.18:*:*:*:*:*:*:*
cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.3:*:*:*:*:*:*:*
Vendors & Products Ibm
Ibm ucd Ibm Devops Deploy
Ibm ucd Ibm Urbancode Deploy
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}


Subscriptions

Ibm Ucd Ibm Devops Deploy Ucd Ibm Urbancode Deploy
cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-06-30T19:36:28.096Z

Reserved: 2026-06-12T13:24:25.610Z

Link: CVE-2026-12086

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-30T22:00:16Z

Weaknesses
  • CWE-532

    Insertion of Sensitive Information into Log File