IBM DevOps Automation 1.0.1 and IBM DevOps Loop 1.0.2 does not invalidate session IDs after expiration which could allow an authenticated user to impersonate another user on the system.
Metrics
Affected Vendors & Products
References
| Link | Providers |
|---|---|
| https://www.ibm.com/support/pages/node/7277970 |
|
History
Tue, 30 Jun 2026 21:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | IBM DevOps Automation 1.0.1 and IBM DevOps Loop 1.0.2 does not invalidate session IDs after expiration which could allow an authenticated user to impersonate another user on the system. | |
| Title | IBM DevOps Loop is susceptible to an Insufficient Session Expiration vulnerability. | |
| First Time appeared |
Ibm
Ibm devops Automation Ibm devops Loop |
|
| Weaknesses | CWE-613 | |
| CPEs | cpe:2.3:a:ibm:devops_automation:1.0.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:devops_loop:1.0.2:*:*:*:*:*:*:* |
|
| Vendors & Products |
Ibm
Ibm devops Automation Ibm devops Loop |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: ibm
Published:
Updated: 2026-06-30T20:11:57.390Z
Reserved: 2025-04-15T21:16:54.210Z
Link: CVE-2025-36359
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-06-30T22:30:06Z