206 matches found
Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is affected by a HTTP Request Smuggling Vulnerability in Netty (CVE-2026-33870)
Summary Netty is used by IBM DevOps Deploy / IBM UrbanCode Deploy UCD as part of the Server/Agent/Relay communication system. CVE-2026-33870. Vulnerability Details CVEID:CVE-2026-33870 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions prior to...
CVE-2026-56459
HCL DevOps Deploy / HCL Launch is susceptible to sensitive information disclosure. The application stores potentially sensitive information in log files that could be read by a local user...
CVE-2026-56458
HCL DevOps Deploy uses Cross-Origin Resource Sharing CORS which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains...
CVE-2026-56460 HCL DevOps Deploy / HCL Launch is susceptible to an Insertion of Sensitive Information Into Sent Data vulnerability
HCL DevOps Deploy / HCL Launch could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attacks against the system...
EUVD-2026-42552
HCL DevOps Deploy uses Cross-Origin Resource Sharing CORS which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains...
CVE-2026-56458
HCL DevOps Deploy uses Cross-Origin Resource Sharing CORS which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains...
CVE-2026-56459 HCL DevOps Deploy / HCL Launch is susceptible to sensitive information disclosure
HCL DevOps Deploy / HCL Launch is susceptible to sensitive information disclosure. The application stores potentially sensitive information in log files that could be read by a local user...
CVE-2026-56459
CVE-2026-56459 affects HCL DevOps Deploy / HCL Launch. The issue: the application stores potentially sensitive information in log files, which could be read by a local user, enabling sensitive data disclosure. Details in the provided documents indicate a local-access exposure due to log handling,...
CVE-2026-56459
HCL DevOps Deploy / HCL Launch is susceptible to sensitive information disclosure. The application stores potentially sensitive information in log files that could be read by a local user...
PT-2026-56765
Name of the Vulnerable Software and Affected Versions HCL DevOps Deploy / HCL Launch affected versions not specified Description HCL DevOps Deploy / HCL Launch may disclose sensitive configurations and secrets to authenticated users through API responses. This information leakage could be leverag...
CVE-2026-12085
IBM UCD - IBM UrbanCode Deploy 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 IBM DevOps Deploy could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attack...
CVE-2026-12086
IBM UCD - IBM UrbanCode Deploy 7.2 through 7.2.3.23, and 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 stores potentially sensitive information in log files that could be read by a local user...
CVE-2026-12084 IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to a Permissive Cross-domain Security Policy with Untrusted Domains
IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 uses Cross-Origin Resource Sharing CORS which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains...
CVE-2026-12084
IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is affected by CVE-2026-12084 due to a permissive Cross-Domain Security Policy with untrusted domains in UCD versions 8.1–8.1.2.6 and 8.2–8.2.1.0. This CORS misconfiguration could allow an attacker to perform privileged actions and retrieve sensitive...
CVE-2026-12084
IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 uses Cross-Origin Resource Sharing CORS which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains...
EUVD-2026-40391
IBM UCD - IBM UrbanCode Deploy 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 IBM DevOps Deploy could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attack...
CVE-2026-12085 IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptable to an Insertion of Sensitive Information Into Sent Data vulnerability
IBM UCD - IBM UrbanCode Deploy 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 IBM DevOps Deploy could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attack...
CVE-2026-12085
IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) are affected by CVE-2026-12085, which allows authenticated users to view sensitive configurations and secrets in API responses. Affected versions include UCD 7.3 through 7.3.2.18 and IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8....
CVE-2026-12086
CVE-2026-12086 affects IBM UrbanCode Deploy (UCD) and IBM DevOps Deploy (IDD): versions 7.2 (up to 7.2.3.23), 7.3 (up to 7.3.2.18), 8.0 (up to 8.0.1.13), 8.1 (up to 8.1.2.6), and 8.2 (up to 8.2.1.0) store potentially sensitive information in log files readable by local users. Root cause is insert...
EUVD-2026-40390
IBM UCD - IBM UrbanCode Deploy 7.2 through 7.2.3.23, and 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 stores potentially sensitive information in log files that could be read by a local user...