Primary

Context

IBM UCD - Insufficiently Protected Credentials Vulnerability Allowing LLM API Token Recovery

Vulnerability

Patched

A vulnerability exists in IBM UrbanCode Deploy (UCD) versions 8.1 through 8.1.2.3, allowing an authenticated user with privileges to configure LLM integration to retrieve a previously saved LLM API token. This issue is categorized as insufficiently protected credentials.

Impact

Exploitation of this vulnerability could lead to unauthorized access to LLM API tokens, potentially allowing for misuse of the LLM integration capabilities within the application.

Remediation

Users are advised to upgrade to version 8.1.2.4 or 8.2.0.0. Instructions for downloading these versions are available on the IBM Support Fix Central website.

Added: Dec 15, 2025, 8:22 PM

Updated: Dec 15, 2025, 8:22 PM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

5.0

exploitability

4.9

remediation

7.7

relevance

1.4

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

5.0

exploitability

4.9

remediation

7.7

relevance

1.4

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

IBM UCD - Insufficiently Protected Credentials Vulnerability Allowing LLM API Token Recovery

Vulnerability

Impact

Remediation

Affected Products

IBM DevOps Deploy

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating