{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-12086","assignerOrgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","state":"PUBLISHED","assignerShortName":"ibm","dateReserved":"2026-06-12T13:24:25.610Z","datePublished":"2026-06-30T19:36:28.096Z","dateUpdated":"2026-07-01T13:24:38.890Z"},"containers":{"cna":{"providerMetadata":{"orgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","shortName":"ibm","dateUpdated":"2026-06-30T19:36:28.096Z"},"title":"IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to a Insertion of Sensitive Information into Log File Vulnerability","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-532","description":"CWE-532 Insertion of Sensitive Information into Log File","type":"CWE"}]}],"affected":[{"vendor":"IBM","product":"UCD - IBM UrbanCode Deploy","versions":[{"status":"affected","version":"7.2.0","lessThanOrEqual":"7.2.3.23","versionType":"semver"},{"status":"affected","version":"7.3.0","lessThanOrEqual":"7.3.2.18","versionType":"semver"}],"cpes":["cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.2:*:*:*:*:*:*:*","cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.2.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.2.3.23:*:*:*:*:*:*:*","cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.3:*:*:*:*:*:*:*","cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.3.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.3.2.18:*:*:*:*:*:*:*"]},{"vendor":"IBM","product":"UCD - IBM DevOps Deploy","versions":[{"status":"affected","version":"8.0","lessThanOrEqual":"8.0.1.13","versionType":"semver"},{"status":"affected","version":"8.1.0","lessThanOrEqual":"8.1.2.6","versionType":"semver"},{"status":"affected","version":"8.2.0","lessThanOrEqual":"8.2.1.0","versionType":"semver"}],"cpes":["cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.0.1.13:*:*:*:*:*:*:*","cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1:*:*:*:*:*:*:*","cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1.2.6:*:*:*:*:*:*:*","cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.2:*:*:*:*:*:*:*","cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.2.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.2.1.0:*:*:*:*:*:*:*"]}],"descriptions":[{"lang":"en","value":"IBM UCD - IBM UrbanCode Deploy 7.2 through 7.2.3.23, and 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 stores potentially sensitive information in log files that could be read by a local user.","supportingMedia":[{"type":"text/html","base64":false,"value":"<p>IBM UCD - IBM UrbanCode Deploy 7.2 through 7.2.3.23, and 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 stores potentially sensitive information in log files that could be read by a local user.</p>"}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7277576","tags":["vendor-advisory","patch"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"version":"3.1","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseSeverity":"MEDIUM","baseScore":6.2,"vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}}],"solutions":[{"lang":"en","value":"IBM strongly suggests the following:\n\n\n\nUpgrade affected versions to any of  7.2.3.24 https://www.ibm.com/support/fixcentral/swg/downloadFixes ,  7.3.2.19 https://www.ibm.com/support/fixcentral/swg/downloadFixes ,  8.0.1.14 https://www.ibm.com/support/fixcentral/swg/downloadFixes ,  8.1.2.7 https://www.ibm.com/support/fixcentral/swg/downloadFixes ,  8.2.2.0 https://www.ibm.com/support/fixcentral/swg/downloadFixes  or later","supportingMedia":[{"type":"text/html","base64":false,"value":"<p>IBM strongly suggests the following:</p><p>Upgrade affected versions to any of <a href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational&amp;product=ibm/Rational/IBM+UrbanCode+Deploy&amp;fixids=7.2.3.24+-IBM-UrbanCode-Deploy&amp;&amp;downloadMethod=http\" rel=\"nofollow\">7.2.3.24</a>, <a href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational&amp;product=ibm/Rational/IBM+UrbanCode+Deploy&amp;fixids=7.3.2.19-IBM-UrbanCode-Deploy&amp;downloadMethod=http\" rel=\"nofollow\">7.3.2.19</a>, <a href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational&amp;product=ibm/Rational/IBM+DevOps+Deploy&amp;fixids=8.0.1.14-IBM-DevOps-Deploy&amp;downloadMethod=http\" rel=\"nofollow\">8.0.1.14</a>, <a href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational&amp;product=ibm/Rational/IBM+DevOps+Deploy&amp;fixids=8.1.2.7-IBM-DevOps-Deploy&amp;downloadMethod=http\" rel=\"nofollow\">8.1.2.7</a>, <a href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational&amp;product=ibm/Rational/IBM+DevOps+Deploy&amp;fixids=8.2.2.0-IBM-DevOps-Deploy&amp;downloadMethod=http\" rel=\"nofollow\">8.2.2.0</a> or later</p>"}]}],"x_generator":{"engine":"ibm-cvegen"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-07-01T13:24:27.725922Z","id":"CVE-2026-12086","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-07-01T13:24:38.890Z"}}]}}