anonhaven
Ad

CVE-2025-36373

MEDIUM CVSS 3.1: 6.8 EPSS 0.03%
Updated Apr 06, 2026
IBM
Parameter Value
CVSS 6.8 (MEDIUM)
Affected Versions 10.5.0.0 — 10.6.6.0
Fixed In 10.5.0.21
Type CWE-497
Vendor IBM
Public PoC No

IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20 and IBM DataPower Gateway 10.6.0 10.6.0.0 through 10.6.0.8 IBM DataPower Gateway could disclose sensitive system information from other domains to an administrative user.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Privileges Required
High
Admin privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
High
Complete data leak
Integrity
None
No data modification
Availability
None
No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-497

Vulnerable Products 3

Configuration From (including) Up to (excluding)
Ibm Datapower_Gateway
cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*
 10.5.0.0 10.5.0.21
Ibm Datapower_Gateway
cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*
 10.6.0.0 10.6.0.9
Ibm Datapower_Gateway
cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:continuous_delivery:*:*:*
 10.6.1.0 10.6.6.0

References 1

https://www.ibm.com/support/pages/node/7267833
psirt@us.ibm.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2025-13044

IBM

6.2

CVE-2026-1243

Microsoft

5.4

CVE-2025-66487

IBM

6.5

CVE-2025-66486

IBM

6.1

CVE-2025-66485

IBM

5.4