
CVE-2025-36187

MEDIUM CVSS 3.1: 4.4 EPSS 0.01%
Updated Mar 31, 2026
IBM
Parameter    Value
CVSS         4.4 (MEDIUM)
Type         CWE-532
Vendor       IBM
Public PoC   No

IBM Knowledge Catalog Standard Cartridge 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.1, 5.1.1, 5.1.2, 5.1.3, 5.2.0, 5.2.1 stores potentially sensitive information in log files that could be read by a local privileged user.

Attack Parameters

Attack Vector: Local (requires local access)
Attack Complexity: Low (easy to exploit)
Privileges Required: High (admin privileges needed)
User Interaction: None (no user interaction needed)

Impact Assessment

Confidentiality: High (complete data leak)
Integrity: None (no data modification)
Availability: None (no disruption)

CVSS Vector v3.1

Weakness Type (CWE)

Vulnerable Products 11

Configuration From (including) Up to (excluding)
Ibm Knowledge_Catalog
cpe:2.3:a:ibm:knowledge_catalog:5.0.0:*:*:*:standard:*:*:*
Ibm Knowledge_Catalog
cpe:2.3:a:ibm:knowledge_catalog:5.0.1:*:*:*:standard:*:*:*
Ibm Knowledge_Catalog
cpe:2.3:a:ibm:knowledge_catalog:5.0.2:*:*:*:standard:*:*:*
Ibm Knowledge_Catalog
cpe:2.3:a:ibm:knowledge_catalog:5.0.3:*:*:*:standard:*:*:*
Ibm Knowledge_Catalog
cpe:2.3:a:ibm:knowledge_catalog:5.1:*:*:*:standard:*:*:*
Ibm Knowledge_Catalog
cpe:2.3:a:ibm:knowledge_catalog:5.1.1:*:*:*:standard:*:*:*
Ibm Knowledge_Catalog
cpe:2.3:a:ibm:knowledge_catalog:5.1.2:*:*:*:standard:*:*:*
Ibm Knowledge_Catalog
cpe:2.3:a:ibm:knowledge_catalog:5.1.3:*:*:*:standard:*:*:*
Ibm Knowledge_Catalog
cpe:2.3:a:ibm:knowledge_catalog:5.2.0:*:*:*:standard:*:*:*
Ibm Knowledge_Catalog
cpe:2.3:a:ibm:knowledge_catalog:5.2.1:*:*:*:standard:*:*:*
Redhat Openshift
cpe:2.3:o:redhat:openshift:-:*:*:*:*:*:*:*