CVE-2025-36363 IBM — Exploit & Vulnerability Details HIGH

CVE-2025-36363

HIGH CVSS 3.1: 7.5 EPSS 0.04%

Parameter	Value
CVSS	7.5 (HIGH)
Affected Versions	3.0.0 — 3.0.6
Fixed In	3.0.6
Type	CWE-307
Vendor	IBM
Public PoC	No

IBM DevOps Plan 3.0.0 through 3.0.5 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.

Attack Parameters

Attack Vector

Network

Атака возможна удалённо

Attack Complexity

Low

Легко эксплуатировать

Privileges Required

None

Права не нужны

User Interaction

None

Не нужно действие пользователя

Impact Assessment

Confidentiality

High

Полная утечка данных

Integrity

None

Нет модификации данных

Availability

None

Нет нарушения работы

CVSS Vector v3.1

Weakness Type (CWE)

CWE-307

Vulnerable Products 1

ibm:devops_plan

Known Affected Software Configurations 1

Configuration	From (including)	Up to (excluding)
Ibm Devops_Plan cpe:2.3:a:ibm:devops_plan::::::::	`3.0.0`	`3.0.6`

References 1

https://www.ibm.com/support/pages/node/7261934

psirt@us.ibm.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2025-13688

IBM

8.8

CVE-2025-13687

IBM

8.8

CVE-2025-13686

IBM

8.8

CVE-2026-1265

IBM

5.3

CVE-2025-36364

IBM

3.3

Menu

CVE-2025-36363

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

Vulnerable Products 1

Known Affected Software Configurations 1

References 1

Related Vulnerabilities

CVE-2025-13688

CVE-2025-13687

CVE-2025-13686

CVE-2026-1265

CVE-2025-36364

CVE Details

Editor's Choice