Skip to main content

Devops Loop

1 CVEs product

Monthly

CVE-2025-36359 MEDIUM PATCH This Month

Session hijacking in IBM DevOps Automation 1.0.1 and IBM DevOps Loop 1.0.2 allows an authenticated user to impersonate another user because session IDs are not invalidated after they expire (CWE-613). An attacker who obtains or reuses a stale session identifier can act with the victim's identity, producing high confidentiality and integrity impact. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

IBM Information Disclosure Devops Automation Devops Loop
NVD
CVSS 3.1
6.5
EPSS
0.2%
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Session hijacking in IBM DevOps Automation 1.0.1 and IBM DevOps Loop 1.0.2 allows an authenticated user to impersonate another user because session IDs are not invalidated after they expire (CWE-613). An attacker who obtains or reuses a stale session identifier can act with the victim's identity, producing high confidentiality and integrity impact. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

IBM Information Disclosure Devops Automation +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy