
1375 matches found

NVD
added 2026/03/03 8:16 p.m., 6 views

CVE-2025-36363

IBM DevOps Plan 3.0.0 through 3.0.5 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials...

CVSS 7.5, EPSS 0.00252
Exploits: 0, References: 1

Vulnrichment
added 2026/03/03 7:46 p.m., 5 views

CVE-2025-36363 IBM DevOps Plan is vulnerable to Excessive Authentication Attempts

IBM DevOps Plan 3.0.0 through 3.0.5 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials...

CVSS 5.9, AI score 6, EPSS 0.00252
Exploits: 0, References: 1

EUVD
added 2026/03/03 7:46 p.m., 4 views

EUVD-2025-208254

IBM DevOps Plan 3.0.0 through 3.0.5 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials...

CVSS 5.9, AI score 6, EPSS 0.00252
Exploits: 0, References: 1

Cvelist
added 2026/03/03 7:46 p.m., 18 views

CVE-2025-36363 IBM DevOps Plan is vulnerable to Excessive Authentication Attempts

IBM DevOps Plan 3.0.0 through 3.0.5 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials...

CVSS 5.9, EPSS 0.00252
Exploits: 0, References: 1

CVE
added 2026/03/03 7:46 p.m., 14 views

CVE-2025-36363

CVE-2025-36363 affects IBM DevOps Plan 3.0.0–3.0.5. The root cause is an inadequate account lockout setting, potentially allowing a remote attacker to brute-force credentials. Documented impact is exposure of confidentiality with no integrity/availability impact stated; CVSS metrics indicate high...

CVSS 7.5, AI score 6, EPSS 0.00252
Exploits: 0, References: 1, Affected Software: 1

ATTACKERKB
added 2026/03/03 7:46 p.m., 3 views

CVE-2025-36363

IBM DevOps Plan 3.0.0 through 3.0.5 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials...

CVSS 5.9, AI score 6, EPSS 0.00252
Exploits: 0, References: 2, Affected Software: 1

EUVD
added 2026/03/03 7:43 p.m., 6 views

EUVD-2025-208255

IBM DevOps Plan 3.0.0 through 3.0.5 allows web page cache to be stored locally which can be read by another user on the system...

CVSS 6.2, AI score 5.9, EPSS 0.00108
Exploits: 0, References: 1

Vulnrichment
added 2026/03/03 7:43 p.m., 4 views

CVE-2025-36364 IBM DevOps Plan REST APIs are vulnerable to exposure of sensitive data through request query parameters.

IBM DevOps Plan 3.0.0 through 3.0.5 allows web page cache to be stored locally which can be read by another user on the system...

CVSS 6.2, AI score 5.9, EPSS 0.00108
Exploits: 0, References: 1

ATTACKERKB
added 2026/03/03 7:43 p.m., 1 view

CVE-2025-36364

IBM DevOps Plan 3.0.0 through 3.0.5 allows web page cache to be stored locally which can be read by another user on the system...

CVSS 6.2, AI score 5.9, EPSS 0.00108
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2026/03/03 7:43 p.m., 12 views

CVE-2025-36364

Summary: CVE-2025-36364 affects IBM DevOps Plan REST APIs (versions 3.0.0–3.0.5). Affected component: web page cache can be stored locally and read by another user on the same system, exposing sensitive data. Root cause/impact: Local cache exposure potentially leaks sensitive information; CVSS ba...

CVSS 6.2, AI score 5.9, EPSS 0.00108
Exploits: 0, References: 1, Affected Software: 1

IBM Security Bulletins
added 2026/03/03 7:23 a.m., 15 views

Security Bulletin: Multiple Vulnerabilities in IBM DevOps Build.

Summary: Multiple vulnerabilities were addressed in IBM DevOps Build 7.1.0.2. Vulnerability Details: CVEID: CVE-2025-52434 DESCRIPTION: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Tomcat when using the APR/Native connector. This w...

CVSS 9.8, AI score 6.6, EPSS 0.81147
Exploits: 14, Affected Software: 1

Positive Technologies
added 2026/03/03 12:00 a.m., 5 views

PT-2026-22799

IBM DevOps Plan 3.0.0 through 3.0.5 allows web page cache to be stored locally which can be read by another user on the system...

CVSS 6.2, AI score 5.9, EPSS 0.00108
Exploits: 0, References: 2

Positive Technologies
added 2026/03/03 12:00 a.m., 7 views

PT-2026-22798

Name of the Vulnerable Software and Affected Versions IBM DevOps Plan versions 3.0.0 through 3.0.5 Description The software uses an inadequate account lockout setting, which could allow a remote attacker to brute force account credentials. Recommendations Update to a version beyond 3.0.5...

CVSS 5.9, AI score 6, EPSS 0.00252
Exploits: 0, References: 4

CNNVD
added 2026/03/03 12:00 a.m., 4 views

IBM DevOps Plan Security Vulnerability

IBM DevOps Plan is a change management collaboration platform provided by the American multinational company International Business Machines (IBM). Versions of IBM DevOps Plan 3.0.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the ability for web cache data to ...

CVSS 6.2, AI score 5.8, EPSS 0.00108
Exploits: 0, References: 2

CNNVD
added 2026/03/03 12:00 a.m., 4 views

IBM DevOps Plan Security Vulnerability

IBM DevOps Plan is a change management collaboration platform provided by the American multinational company International Business Machines (IBM). Versions of IBM DevOps Plan 3.0.0 and earlier contained security vulnerabilities. These vulnerabilities were due to improper account locking settings,...

CVSS 7.5, AI score 5.9, EPSS 0.00252
Exploits: 0, References: 1

GithubExploit
added 2026/03/01 6:46 p.m., 137 views

devops-security-pipeline-poc

DevOps Security Pipeline POC A security-integrated CI/CD pipe...

AI score 6
Exploits: 0

IBM Security Bulletins
added 2026/02/26 12:22 p.m., 8 views

Security Bulletin: IBM DevOps Plan REST APIs are vulnerable to exposure of sensitive data through request query parameters. (CVE-2025-36364)

Summary A vulnerability has been identified in IBM DevOps Plan REST APIs where sensitive data is transmitted via request query parameters. Vulnerability Details CVEID:CVE-2025-36364 DESCRIPTION: IBM DevOps Plan allows web page cache to be stored locally which can be read by another user on the...

CVSS 6.2, AI score 5.3, EPSS 0.00108
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/02/20 9:11 a.m., 11 views

Security Bulletin: A security vulnerability have been identified in IBM WebSphere Application Server shipped with IBM DevOps Code ClearCase [CVE-2025-13333]

Summary: IBM WebSphere Application Server (WAS) is shipped as a component of IBM DevOps Code ClearCase. Information about security vulnerabilities affecting WAS have been published in security bulletins. Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section...

CVSS 4.9, AI score 5.7, EPSS 0.0031
Exploits: 0, Affected Software: 1

Tenable Nessus
added 2026/02/13 12:00 a.m., 5 views

Security Updates for Azure DevOps 2022 XSS (February 2026)

The Microsoft Team Foundation Server is missing a security update. It is, therefore, affected by the following vulnerability: - A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. CVE-2026-21512 Note that Nessus has not...

CVSS 6.5, AI score 5.5, EPSS 0.00961
Exploits: 0, References: 2

RedhatCVE
added 2026/02/11 7:45 p.m., 4 views

CVE-2026-21512

Server-side request forgery (SSRF) in Azure DevOps Server allows an authorized attacker to perform spoofing over a network...

CVSS 6.5, AI score 5.5, EPSS 0.00961
Exploits: 0, References: 1