CVE-2025-36373

Summary

IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20 and IBM DataPower Gateway 10.6.0 10.6.0.0 through 10.6.0.8 IBM DataPower Gateway could disclose sensitive system information from other domains to an administrative user.

Affected Software

VendorProductVersion RangeStatus
IBMDataPower Gateway 10.6CD10.6.1.0 <= 10.6.5.0affected
IBMDataPower Gateway 10.5.010.5.0.0 <= 10.5.0.20affected
IBMDataPower Gateway 10.6.010.6.0.0 <= 10.6.0.8affected

Weaknesses

  • CWE-497: CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References