Devops Plan
CVE-2025-36363
MEDIUM
Severity by source
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
IBM DevOps Plan 3.0.0 through 3.0.5 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
AnalysisAI
Devops Plan versions up to 3.0.5 is affected by improper restriction of excessive authentication attempts (CVSS 5.9).
Technical ContextAI
This vulnerability (CWE-307: Improper Restriction of Excessive Authentication Attempts) affects Devops Plan. IBM DevOps Plan 3.0.0 through 3.0.5 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
More in Devops Plan
View allIBM DevOps Plan 3.0.0 through 3.0.5 allows web page cache to be stored locally which can be read by another user on the
HTTP header injection in IBM DevOps Plan 3.0.0 through 3.0.6 allows unauthenticated remote attackers to inject arbitrary
Share
External POC / Exploit Code
Leaving vuln.today