8.1
CVE-2025-36359
- EPSS 0.19%
- Veröffentlicht 30.06.2026 20:11:57
- Zuletzt bearbeitet 06.07.2026 16:26:38
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
IBM DevOps Loop is susceptible to an Insufficient Session Expiration vulnerability.
IBM DevOps Automation 1.0.1 and IBM DevOps Loop 1.0.2 does not invalidate session IDs after expiration which could allow an authenticated user to impersonate another user on the system.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Devops Automation Version1.0.1
Ibm ≫ Devops Loop Version1.0.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.19% | 0.086 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
|
| psirt@us.ibm.com | 8.1 | 2.8 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
|
CWE-613 Insufficient Session Expiration
According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."
https://www.ibm.com/support/pages/node/7277970