{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-24T19:26:52.602","vulnerabilities":[{"cve":{"id":"CVE-2025-36360","sourceIdentifier":"psirt@us.ibm.com","published":"2025-12-15T20:15:50.237","lastModified":"2026-06-17T09:14:40.083","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"IBM UCD - IBM UrbanCode Deploy 7.1 through 7.1.2.27, 7.2 through 7.2.3.20, and 7.3 through 7.3.2.15 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.10, and 8.1 through 8.1.2.3 is susceptible to a race condition in http-session client-IP binding enforcement which may allow a session to be briefly reused from a new IP address before it is invalidated, potentially enabling unauthorized access under certain network conditions."}],"affected":[{"source":"psirt@us.ibm.com","affectedData":[{"vendor":"IBM","product":"UCD - IBM UrbanCode Deploy","cpes":["cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.1:*:*:*:*:*:*:*","cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.1.2.27:*:*:*:*:*:*:*","cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.2:*:*:*:*:*:*:*","cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.2.3.20:*:*:*:*:*:*:*","cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.3:*:*:*:*:*:*:*","cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.3.2.15:*:*:*:*:*:*:*"],"versions":[{"version":"7.1","lessThanOrEqual":"7.1.2.27","versionType":"semver","status":"affected"},{"version":"7.2","lessThanOrEqual":"7.2.3.20","versionType":"semver","status":"affected"},{"version":"7.3","lessThanOrEqual":"7.3.2.15","versionType":"semver","status":"affected"}]},{"vendor":"IBM","product":"UCD - IBM DevOps Deploy","cpes":["cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.0.1.10:*:*:*:*:*:*:*","cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1:*:*:*:*:*:*:*","cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.1.2.3:*:*:*:*:*:*:*"],"versions":[{"version":"8.0","lessThanOrEqual":"8.0.1.10","versionType":"semver","status":"affected"},{"version":"8.1","lessThanOrEqual":"8.1.2.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":5.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.6,"impactScore":3.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-12-15T20:30:05.256376Z","id":"CVE-2025-36360","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@us.ibm.com","type":"Secondary","description":[{"lang":"en","value":"CWE-613"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:devops_deploy:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0.0","versionEndExcluding":"8.0.1.11","matchCriteriaId":"566A98BF-76EF-4D0F-9F18-B0EADEDC9FDE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:devops_deploy:*:*:*:*:*:*:*:*","versionStartIncluding":"8.1.0.0","versionEndExcluding":"8.1.2.4","matchCriteriaId":"749B35C4-217A-4507-A9FB-85C7907D837B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*","versionStartIncluding":"7.1.0.0","versionEndExcluding":"7.1.2.28","matchCriteriaId":"ECFA32A6-29C3-40DD-9D89-F496104E6DBD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*","versionStartIncluding":"7.2.0.0","versionEndExcluding":"7.2.3.21","matchCriteriaId":"019C63D6-3DDA-432D-8D7D-62801E732796"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*","versionStartIncluding":"7.3.0.0","versionEndExcluding":"7.3.2.16","matchCriteriaId":"B633DCF4-FB02-4081-A2E1-E38050C5EF04"}]}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7254661","source":"psirt@us.ibm.com","tags":["Vendor Advisory"]}]}}]}