Devops Plan

3 CVEs product

Monthly

CVE-2026-4096 MEDIUM PATCH This Month

HTTP header injection in IBM DevOps Plan 3.0.0 through 3.0.6 allows unauthenticated remote attackers to inject arbitrary HTTP headers by supplying a malicious HOST header value that the application fails to sanitize. The vulnerability (CWE-644) can be leveraged to mount cross-site scripting attacks against users, poison intermediate caches with attacker-controlled content, or hijack authenticated sessions. No public exploit code has been identified at time of analysis, and CISA KEV listing is absent, though the low-complexity, no-authentication-required attack surface makes this a meaningful risk for any internet-facing deployment.

XSS IBM Devops Plan
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-36364 MEDIUM This Month

IBM DevOps Plan 3.0.0 through 3.0.5 allows the web page cache to be stored locally, where it can be read by another user on the system. [CVSS 6.2 MEDIUM]

IBM Devops Plan
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-36363 MEDIUM This Month

DevOps Plan versions up to 3.0.5 are affected by improper restriction of excessive authentication attempts (CVSS 5.9).

IBM Devops Plan
NVD
CVSS 3.1
5.9
EPSS
0.1%