CVE-2025-36373 | THREATINT

Description

IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20 and IBM DataPower Gateway 10.6.0 10.6.0.0 through 10.6.0.8 IBM DataPower Gateway could disclose sensitive system information from other domains to an administrative user.

PUBLISHED Reserved 2025-04-15 | Published 2026-04-01 | Updated 2026-04-02 | Assigner ibm

MEDIUM: 4.1CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N

Problem types

CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere

Product status

10.6.1.0 (semver)

affected

10.5.0.0 (semver)

affected

10.6.0.0 (semver)

affected

Credits

Acknowledgement This vulnerability was reported to IBM by Michał Bartoszuk & Maciej Włodarczyk @ STM Cyber. finder

References

www.ibm.com/support/pages/node/7267833 vendor-advisory patch

cve.org (CVE-2025-36373)

nvd.nist.gov (CVE-2025-36373)

Download JSON