CVE-2025-36364 MEDIUM

CVE-2025-36364: IBM DevOps Plan REST APIs are vulnerable to exposure of sensitive data through request query parameters.

Vendor Ibm
Product DevOps Plan
Weakness CWE-525
Published March 3, 2026
Last update March 4, 2026

CVSS base score

6.2/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

IBM DevOps Plan 3.0.0 through 3.0.5 allows web page cache to be stored locally which can be read by another user on the system.

Key dates

02Disclosure timeline

March 3, 2026 CVE published
March 4, 2026 Record updated