CVE-2025-36373
published 2026-04-01CVE-2025-36373: IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20 and IBM DataPower Gateway 10.6.0 10.6.0.0…
medium6.8CVSS 3.1
AVNACLPRHUINSCCHINAN
IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20 and IBM DataPower Gateway 10.6.0 10.6.0.0 through 10.6.0.8 IBM DataPower Gateway could disclose sensitive system information from other domains to an administrative user.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | datapower_gateway | >= 10.5.0.0 < 10.5.0.21 | 10.5.0.21 |
| ibm | datapower_gateway | >= 10.6.0.0 < 10.6.0.9 | 10.6.0.9 |
| ibm | datapower_gateway | >= 10.6.1.0 < 10.6.6.0 | 10.6.6.0 |
| ibm | datapower_gateway_10.5.0 | 10.5.0.0 – 10.5.0.20 | — |
| ibm | datapower_gateway_10.6.0 | 10.6.0.0 – 10.6.0.8 | — |
| ibm | datapower_gateway_10.6cd | 10.6.1.0 – 10.6.5.0 | — |
| msrc | azl3_javapackages-bootstrap_1.14.0-2_on_azure_linux_3.0 | — | — |
| msrc | azl3_javapackages-bootstrap_1.5.0-4_on_azure_linux_3.0 | — | — |
| msrc | cbl2_javapackages-bootstrap_1.5.0-6_on_cbl_mariner_2.0 | — | — |
| msrc | cm1_ant_1.10.11-1_on_cbl_mariner_1.0 | — | — |