Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for DevOps Loop by IBM
CVE-2025-36359 (GCVE-0-2025-36359)
Vulnerability from nvd – Published: 2026-06-30 20:11 – Updated: 2026-07-01 13:23
VLAI
Title
IBM DevOps Loop is susceptible to an Insufficient Session Expiration vulnerability.
Summary
IBM DevOps Automation 1.0.1 and IBM DevOps Loop 1.0.2 does not invalidate session IDs after expiration which could allow an authenticated user to impersonate another user on the system.
Severity
8.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-613 - Insufficient Session Expiration
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7277970 | vendor-advisorypatch |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | DevOps Automation |
Affected:
1.0.1
cpe:2.3:a:ibm:devops_automation:1.0.1:*:*:*:*:*:*:* |
|
| IBM | DevOps Loop |
Affected:
1.0.2
cpe:2.3:a:ibm:devops_loop:1.0.2:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36359",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-01T13:23:25.823969Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T13:23:33.040Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:devops_automation:1.0.1:*:*:*:*:*:*:*"
],
"product": "DevOps Automation",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "1.0.1"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:devops_loop:1.0.2:*:*:*:*:*:*:*"
],
"product": "DevOps Loop",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "1.0.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Sunil Dandamudi (HCL Software)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM DevOps Automation 1.0.1 and IBM DevOps Loop 1.0.2 does not invalidate session IDs after expiration which could allow an authenticated user to impersonate another user on the system.\u003c/p\u003e"
}
],
"value": "IBM DevOps Automation 1.0.1 and IBM DevOps Loop 1.0.2 does not invalidate session IDs after expiration which could allow an authenticated user to impersonate another user on the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613 Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T20:11:57.390Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7277970"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by updating to \u003ca href=\"https://www.ibm.com/docs/en/devops-loop/1.0.3\" rel=\"nofollow\"\u003eIBM DevOps Loop 1.0.3\u003c/a\u003e\u003c/p\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by updating to IBM DevOps Loop 1.0.3 https://www.ibm.com/docs/en/devops-loop/1.0.3"
}
],
"title": "IBM DevOps Loop is susceptible to an Insufficient Session Expiration vulnerability.",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36359",
"datePublished": "2026-06-30T20:11:57.390Z",
"dateReserved": "2025-04-15T21:16:54.210Z",
"dateUpdated": "2026-07-01T13:23:33.040Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-36359 (GCVE-0-2025-36359)
Vulnerability from cvelistv5 – Published: 2026-06-30 20:11 – Updated: 2026-07-01 13:23
VLAI
Title
IBM DevOps Loop is susceptible to an Insufficient Session Expiration vulnerability.
Summary
IBM DevOps Automation 1.0.1 and IBM DevOps Loop 1.0.2 does not invalidate session IDs after expiration which could allow an authenticated user to impersonate another user on the system.
Severity
8.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-613 - Insufficient Session Expiration
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7277970 | vendor-advisorypatch |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | DevOps Automation |
Affected:
1.0.1
cpe:2.3:a:ibm:devops_automation:1.0.1:*:*:*:*:*:*:* |
|
| IBM | DevOps Loop |
Affected:
1.0.2
cpe:2.3:a:ibm:devops_loop:1.0.2:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36359",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-01T13:23:25.823969Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T13:23:33.040Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:devops_automation:1.0.1:*:*:*:*:*:*:*"
],
"product": "DevOps Automation",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "1.0.1"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:devops_loop:1.0.2:*:*:*:*:*:*:*"
],
"product": "DevOps Loop",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "1.0.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Sunil Dandamudi (HCL Software)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM DevOps Automation 1.0.1 and IBM DevOps Loop 1.0.2 does not invalidate session IDs after expiration which could allow an authenticated user to impersonate another user on the system.\u003c/p\u003e"
}
],
"value": "IBM DevOps Automation 1.0.1 and IBM DevOps Loop 1.0.2 does not invalidate session IDs after expiration which could allow an authenticated user to impersonate another user on the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613 Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T20:11:57.390Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7277970"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by updating to \u003ca href=\"https://www.ibm.com/docs/en/devops-loop/1.0.3\" rel=\"nofollow\"\u003eIBM DevOps Loop 1.0.3\u003c/a\u003e\u003c/p\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by updating to IBM DevOps Loop 1.0.3 https://www.ibm.com/docs/en/devops-loop/1.0.3"
}
],
"title": "IBM DevOps Loop is susceptible to an Insufficient Session Expiration vulnerability.",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36359",
"datePublished": "2026-06-30T20:11:57.390Z",
"dateReserved": "2025-04-15T21:16:54.210Z",
"dateUpdated": "2026-07-01T13:23:33.040Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}