CVE-2025-36359

IBM DevOps Automation 1.0.1 and IBM DevOps Loop 1.0.2 does not invalidate session IDs after expiration which could allow an authenticated user to impersonate another user on the system.
References
Link Resource
https://www.ibm.com/support/pages/node/7277970 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibm:devops_automation:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:devops_loop:1.0.2:*:*:*:*:*:*:*

History

06 Jul 2026, 16:26

Type Values Removed Values Added
References () https://www.ibm.com/support/pages/node/7277970 - () https://www.ibm.com/support/pages/node/7277970 - Vendor Advisory
CPE cpe:2.3:a:ibm:devops_automation:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:devops_loop:1.0.2:*:*:*:*:*:*:*
First Time Ibm devops Loop
Ibm
Ibm devops Automation

30 Jun 2026, 21:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-06-30 21:16

Updated : 2026-07-06 16:26


NVD link : CVE-2025-36359

Mitre link : CVE-2025-36359

CVE.ORG link : CVE-2025-36359


JSON object : View

Products Affected

ibm

  • devops_loop
  • devops_automation
CWE
CWE-613

Insufficient Session Expiration