Incorrect administrative access control in IBM DataPower Gateway_CVE-2025-36373

4.1 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N

Description

IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20 and IBM DataPower Gateway 10.6.0 10.6.0.0 through 10.6.0.8 IBM DataPower Gateway could disclose sensitive system information from other domains to an administrative user.

Basic Information

ID CVE-2025-36373

Source ibm

Published Apr 1, 2026 at 20:47

Modified Apr 2, 2026 at 15:49

Affected Product

Vendor IBM

Product DataPower Gateway 10.6CD

Version 10.6.1.0

Affected Versions IBM DataPower Gateway 10.6CD 10.6.1.0
IBM DataPower Gateway 10.5.0 10.5.0.0
IBM DataPower Gateway 10.6.0 10.6.0.0

CWE Classification

CWE-497

References

www.ibm.com /support/pages/node/7267833

{
    "lastseen": "",
    "description": "IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20 and IBM DataPower Gateway 10.6.0 10.6.0.0 through 10.6.0.8 IBM DataPower Gateway could disclose sensitive system information from other domains to an administrative user.",
    "published": "2026-04-01T20:47:46.485Z",
    "modified": "2026-04-02T15:49:19.578Z",
    "type": "cve",
    "title": "Incorrect administrative access control in IBM DataPower Gateway",
    "source": "ibm",
    "references": "https://www.ibm.com/support/pages/node/7267833",
    "id": "CVE-2025-36373",
    "bulletinFamily": "",
    "cwe": [
        "CWE-497"
    ],
    "cvelist": null,
    "sourceData": "IBM DataPower Gateway 10.6CD 10.6.1.0\nIBM DataPower Gateway 10.5.0 10.5.0.0\nIBM DataPower Gateway 10.6.0 10.6.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 4.1,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "DataPower Gateway 10.6CD",
    "version": "10.6.1.0",
    "vendor": "IBM",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}