Lucene search
K

119 matches found

NVD
NVD
added 2026/03/03 8:16 p.m.3 views

CVE-2025-36364

IBM DevOps Plan 3.0.0 through 3.0.5 allows web page cache to be stored locally which can be read by another user on the system...

6.2CVSS0.00108EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/03 7:46 p.m.5 views

CVE-2025-36363 IBM DevOps Plan is vulnerable to Excessive Authentication Attempts

IBM DevOps Plan 3.0.0 through 3.0.5 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials...

5.9CVSS6AI score0.00252EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/03 7:46 p.m.4 views

EUVD-2025-208254

IBM DevOps Plan 3.0.0 through 3.0.5 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials...

5.9CVSS6AI score0.00252EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/03 7:46 p.m.3 views

CVE-2025-36363

IBM DevOps Plan 3.0.0 through 3.0.5 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials...

5.9CVSS6AI score0.00252EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/03/03 7:46 p.m.15 views

CVE-2025-36363

CVE-2025-36363 affects IBM DevOps Plan 3.0.0–3.0.5. The root cause is an inadequate account lockout setting, potentially allowing a remote attacker to brute-force credentials. Documented impact is exposure of confidentiality with no integrity/availability impact stated; CVSS metrics indicate high...

7.5CVSS6AI score0.00252EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/03 7:43 p.m.4 views

CVE-2025-36364 IBM DevOps Plan REST APIs are vulnerable to exposure of sensitive data through request query parameters.

IBM DevOps Plan 3.0.0 through 3.0.5 allows web page cache to be stored locally which can be read by another user on the system...

6.2CVSS5.9AI score0.00108EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/03 7:43 p.m.1 views

CVE-2025-36364

IBM DevOps Plan 3.0.0 through 3.0.5 allows web page cache to be stored locally which can be read by another user on the system...

6.2CVSS5.9AI score0.00108EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/03/03 7:43 p.m.13 views

CVE-2025-36364

Summary: CVE-2025-36364 affects IBM DevOps Plan REST APIs (versions 3.0.0–3.0.5). Affected component: web page cache can be stored locally and read by another user on the same system, exposing sensitive data. Root cause/impact: Local cache exposure potentially leaks sensitive information; CVSS ba...

6.2CVSS5.9AI score0.00108EPSS
Exploits0References1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/03 7:23 a.m.15 views

Security Bulletin: Multiple Vulnerabilities in IBM DevOps Build.

Summary Multiple vulnerabilities were addressed in IBM DevOps Build 7.1.0.2. Vulnerability Details CVEID:CVE-2025-52434 DESCRIPTION: Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in Apache Tomcat when using the APR/Native connector. This w...

9.8CVSS6.6AI score0.81147EPSS
Exploits14Affected Software1
CNNVD
CNNVD
added 2026/03/03 12:0 a.m.6 views

IBM DevOps Plan 安全漏洞

IBM DevOps Plan is a change management collaboration platform provided by the American multinational company International Business Machines IBM. Versions of IBM DevOps Plan 3.0.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the ability for web cache data to ...

6.2CVSS5.8AI score0.00108EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/26 12:22 p.m.8 views

Security Bulletin: IBM DevOps Plan REST APIs are vulnerable to exposure of sensitive data through request query parameters. (CVE-2025-36364)

Summary A vulnerability has been identified in IBM DevOps Plan REST APIs where sensitive data is transmitted via request query parameters. Vulnerability Details CVEID:CVE-2025-36364 DESCRIPTION: IBM DevOps Plan allows web page cache to be stored locally which can be read by another user on the...

6.2CVSS5.3AI score0.00108EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/16 8:44 p.m.6 views

CVE-2025-13489

IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 IBM DevOps Deploy transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques...

5.9CVSS6.3AI score0.00161EPSS
Exploits0References1
NVD
NVD
added 2025/12/15 8:15 p.m.4 views

CVE-2025-36360

IBM UCD - IBM UrbanCode Deploy 7.1 through 7.1.2.27, 7.2 through 7.2.3.20, and 7.3 through 7.3.2.15 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.10, and 8.1 through 8.1.2.3 is susceptible to a race condition in http-session client-IP binding enforcement which may allow a session to be briefl...

5CVSS0.00159EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/15 7:51 p.m.5 views

CVE-2025-13489 IBM DevOps Deploy is susceptible to a Cleartext Transmission of Sensitive Information

IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 IBM DevOps Deploy transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques...

5.9CVSS5.9AI score0.00161EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/15 7:51 p.m.18 views

CVE-2025-13489 IBM DevOps Deploy is susceptible to a Cleartext Transmission of Sensitive Information

IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 IBM DevOps Deploy transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques...

5.9CVSS0.00161EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/15 7:43 p.m.3 views

CVE-2025-14148 IBM DevOps Deploy is susceptible to a Insufficiently Protected Credentials vulnerability

IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 could allow an authenticated user with LLM integration configuration privileges to recover a previously saved LLM API Token...

6.5CVSS6.1AI score0.00253EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/15 7:43 p.m.20 views

CVE-2025-14148 IBM DevOps Deploy is susceptible to a Insufficiently Protected Credentials vulnerability

IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 could allow an authenticated user with LLM integration configuration privileges to recover a previously saved LLM API Token...

6.5CVSS0.00253EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/12 8:42 p.m.5 views

Security Bulletin: IBM DevOps Deploy is susceptible to a Cleartext Transmission of Sensitive Information (CVE-2025-13489)

Summary Certain versions of the IBM DevOps Deploy include a configuration file that does not enforce redirecting HTTP traffic to HTTPS as intended CVE-2025-13489 Vulnerability Details CVEID:CVE-2025-13489 DESCRIPTION: IBM DevOps Deploy transmits data in clear text that could allow an attacker to...

5.9CVSS6.2AI score0.00161EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/12 8:42 p.m.7 views

Security Bulletin: IBM DevOps Deploy is susceptible to a Insufficiently Protected Credentials vulnerability (CVE-2025-14148)

Summary IBM DevOps Deploy could allow an authenticated user with LLM integration configuration privileges to recover a previously saved LLM API Token. CVE-2025-14148 Vulnerability Details CVEID:CVE-2025-14148 DESCRIPTION: IBM DevOps Deploy could allow an authenticated user with LLM integration...

6.5CVSS6.5AI score0.00253EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/26 7:39 a.m.12 views

Security Bulletin: Vulnerability in IBM DevOps Solution Workbench

Summary The following vulnerability was addressed in IBM DevOps Solution Workbench version 5.1. Vulnerability Details CVEID:CVE-2024-38820 DESCRIPTION: The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale dependent...

5.3CVSS6.3AI score0.05666EPSS
Exploits2Affected Software1
Rows per page
Query Builder