IBM DevOps Automation 1.0.1 and IBM DevOps Loop 1.0.2 does not invalidate session IDs after expiration which could allow an authenticated user to impersonate another user on the system.
History

Tue, 30 Jun 2026 21:00:00 +0000

Type Values Removed Values Added
Description IBM DevOps Automation 1.0.1 and IBM DevOps Loop 1.0.2 does not invalidate session IDs after expiration which could allow an authenticated user to impersonate another user on the system.
Title IBM DevOps Loop is susceptible to an Insufficient Session Expiration vulnerability.
First Time appeared Ibm
Ibm devops Automation
Ibm devops Loop
Weaknesses CWE-613
CPEs cpe:2.3:a:ibm:devops_automation:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:devops_loop:1.0.2:*:*:*:*:*:*:*
Vendors & Products Ibm
Ibm devops Automation
Ibm devops Loop
References
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-06-30T20:11:57.390Z

Reserved: 2025-04-15T21:16:54.210Z

Link: CVE-2025-36359

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-30T22:30:06Z