Vulnerability Details CVE-2025-36359
IBM DevOps Automation 1.0.1 and IBM DevOps Loop 1.0.2 does not invalidate session IDs after expiration which could allow an authenticated user to impersonate another user on the system.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 10.1%
CVSS Severity
CVSS v3 Score 8.1
Products affected by CVE-2025-36359
-
cpe:2.3:a:ibm:devops_automation:1.0.1
-
cpe:2.3:a:ibm:devops_loop:1.0.2