IBM DevOps Automation 1.0.1 and IBM DevOps Loop 1.0.2 does not invalidate session IDs after expiration which could allow an authenticated user to impersonate another user on the system.
References
| Link | Resource |
|---|---|
| https://www.ibm.com/support/pages/node/7277970 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
06 Jul 2026, 16:26
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://www.ibm.com/support/pages/node/7277970 - Vendor Advisory | |
| CPE | cpe:2.3:a:ibm:devops_automation:1.0.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:devops_loop:1.0.2:*:*:*:*:*:*:* |
|
| First Time |
Ibm devops Loop
Ibm Ibm devops Automation |
30 Jun 2026, 21:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-06-30 21:16
Updated : 2026-07-06 16:26
NVD link : CVE-2025-36359
Mitre link : CVE-2025-36359
CVE.ORG link : CVE-2025-36359
JSON object : View
Products Affected
ibm
- devops_loop
- devops_automation
CWE
CWE-613
Insufficient Session Expiration
