CVE-2025-36359

HIGH
8.1
CVSS 3.1
Description
IBM DevOps Automation 1.0.1 and IBM DevOps Loop 1.0.2 do not invalidate session IDs after expiration, which could allow an authenticated user to impersonate another user on the system.

Metadata

CVE ID: CVE-2025-36359
State: PUBLISHED
Assigner: ibm
Reserved: 2025-04-15 21:16 UTC
Published: 2026-06-30 20:11 UTC
Last updated: 2026-06-30 20:11 UTC
Primary CWE: CWE-613 Insufficient Session Expiration
Vendor / Product: IBM / DevOps Automation
Sources: cve.org  ·  NVD

Severity & Metrics

8.1 HIGH CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Affected products (2)
Vendor | Product | Platform | Versions
IBM | DevOps Automation | | 1.0.1
IBM | DevOps Loop | | 1.0.2
Weakness (CWE)
CWE | Source | Description
CWE-613 | cna | CWE-613 Insufficient Session Expiration
CVSS scores (1)
Score | Severity | Version | Source | Vector
8.1 | HIGH | 3.1 | cna | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N