Security Bulletin: A vulnerability has been identified in IBM DevOps Plan that allows a Host Header Injection attack due to improper handling of the Host header in HTTP requests. (CVE-2026-4096)

Summary A vulnerability has been identified in IBM DevOps Plan that allows a Host Header Injection attack due to improper handling of the Host header in HTTP requests. Version 3.0.7 addresses the vulnerability. Vulnerability Details CVEID:CVE-2026-4096 DESCRIPTION: IBM DevOps Plan is vulnerable t...

CVE-2025-36363

IBM DevOps Plan 3.0.0 through 3.0.5 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials...

CVE-2025-36364

IBM DevOps Plan 3.0.0 through 3.0.5 allows web page cache to be stored locally which can be read by another user on the system...

CVE-2025-36363

IBM DevOps Plan 3.0.0 through 3.0.5 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials...

CVE-2025-36364

IBM DevOps Plan 3.0.0 through 3.0.5 allows web page cache to be stored locally which can be read by another user on the system...

CVE-2025-36364

IBM DevOps Plan 3.0.0 through 3.0.5 allows web page cache to be stored locally which can be read by another user on the system...

CVE-2025-36363

IBM DevOps Plan 3.0.0 through 3.0.5 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials...

CVE-2025-36363

CVE-2025-36363 affects IBM DevOps Plan 3.0.0–3.0.5. The root cause is an inadequate account lockout setting, potentially allowing a remote attacker to brute-force credentials. Documented impact is exposure of confidentiality with no integrity/availability impact stated; CVSS metrics indicate high...

EUVD-2025-208254

IBM DevOps Plan 3.0.0 through 3.0.5 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials...

CVE-2025-36363 IBM DevOps Plan is vulnerable to Excessive Authentication Attempts

IBM DevOps Plan 3.0.0 through 3.0.5 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials...

CVE-2025-36364

IBM DevOps Plan 3.0.0 through 3.0.5 allows web page cache to be stored locally which can be read by another user on the system...

CVE-2025-36364 IBM DevOps Plan REST APIs are vulnerable to exposure of sensitive data through request query parameters.

IBM DevOps Plan 3.0.0 through 3.0.5 allows web page cache to be stored locally which can be read by another user on the system...

CVE-2025-36364

Summary: CVE-2025-36364 affects IBM DevOps Plan REST APIs (versions 3.0.0–3.0.5). Affected component: web page cache can be stored locally and read by another user on the same system, exposing sensitive data. Root cause/impact: Local cache exposure potentially leaks sensitive information; CVSS ba...

IBM DevOps Plan 安全漏洞

IBM DevOps Plan is a change management collaboration platform provided by the American multinational company International Business Machines IBM. Versions of IBM DevOps Plan 3.0.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the ability for web cache data to ...

Security Bulletin: IBM DevOps Plan REST APIs are vulnerable to exposure of sensitive data through request query parameters. (CVE-2025-36364)

Summary A vulnerability has been identified in IBM DevOps Plan REST APIs where sensitive data is transmitted via request query parameters. Vulnerability Details CVEID:CVE-2025-36364 DESCRIPTION: IBM DevOps Plan allows web page cache to be stored locally which can be read by another user on the...