Zero Day MonitorZDM

← Back to list

4.1

CVE-2025-36373PATCHED

ibm · ibm datapower

Incorrect administrative access control in IBM DataPower Gateway

Description

IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20 and IBM DataPower Gateway 10.6.0 10.6.0.0 through 10.6.0.8 IBM DataPower Gateway could disclose sensitive system information from other domains to an administrative user.

Affected Products

Vendor	Product	Versions
ibm	ibm datapower	10.6.1.0, 10.5.0.0, 10.6.0.0, 10.6.5.0

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
ibm	datapower	mitre_affected	90%

References

https://www.ibm.com/support/pages/node/7267833(vendor-advisory, patch)

Related News (2 articles)

Tier C

VulDB7h ago

CVE-2025-36373 | IBM DataPower Gateway 10.6.0 up to 10.6.5.0 exposure of sensitive system information to an unauthorized control sphere

→ No new info (linked only)

Tier B

BSI Advisories2d ago

[NEU] [niedrig] IBM DataPower Gateway: Schwachstelle ermöglicht Offenlegung von Informationen

→ No new info (linked only)

CVSS 3.14.1 MEDIUM

VectorCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N

CISA KEV❌ No

Actively exploited❌ No

Patch available

https://www.ibm.com/support/pages/node/7267833

CWECWE-497

PublishedApr 1, 2026

Last enriched6h agov2

Trending Score34

Source articles2

Independent2

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

MEDIUMCVE-2025-36375EXP

IBM DataPower Gateway vulnerable to CSRF

CRITICALCVE-2026-1345EXP

Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access

CRITICALCVE-2025-66485EXP

Multiple vulnerabilities have been addressed in IBM Aspera Shares

CRITICALCVE-2026-4101EXP

Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access

HIGHCVE-2026-1491EXP

Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access

Pin to Dashboard

Verification

State: verified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 1, 2026

Discovered by ZDM

Apr 1, 2026

Patch Available

Apr 1, 2026

Updated: affectedVersions

Apr 2, 2026

Version History

v2

Last enriched 6h ago

v2Tier C6h ago

Updated description with new details, added affected version 10.6.5.0, changed severity to HIGH, and noted that no exploit is available.

affectedVersions

via VulDB

v111h ago

Initial creation