IBM DevOps Plan: Weak Account Lockout Setting Exposes Passwords

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.5

IBM DevOps Plan: Weak Account Lockout Setting Exposes Passwords

CVE-2025-36363

Summary

IBM DevOps Plan versions 3.0.0 to 3.0.5 have a setting that makes it easy for attackers to guess passwords. This could allow a malicious user to try many passwords in a short amount of time to guess a valid one. IBM recommends updating to a newer version to fix this issue.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
ibm	devops_plan	> 3.0.0 , <= 3.0.6	–

Original title

IBM DevOps Plan 3.0.0 through 3.0.5 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.

Original description

IBM DevOps Plan 3.0.0 through 3.0.5 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.

nvd CVSS3.1 7.5

Vulnerability type

CWE-307

https://www.ibm.com/support/pages/node/7261934 Vendor Advisory

Published: 3 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026