CVE-2025-36371

Summary

IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 are impacted by obtaining an information vulnerability in the database plan cache implementation.  A user with access to the database plan cache could see information they do not have authority to view.

Affected Software

VendorProductVersion RangeStatus
IBMi7.6affected
IBMi7.5affected
IBMi7.4affected
IBMi7.3affected
IBMi7.2affected

Weaknesses

  • CWE-598: CWE-598 Use of GET Request Method With Sensitive Query Strings

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References