wid-sec-w-2026-0906 · Published 2026-03-29 · View on BSI CERT-Bund ↗

IBM DataPower Gateway: Vulnerability allows Offenlegung from Informationen

CVSS 4.1 MEDIUM

Risk Summary

IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20 and IBM DataPower Gateway 10.6.0 10.6.0.0 through 10.6.0.8 IBM DataPower Gateway could disclose sensitive system information from other domains to an administrative user.

CVEs (1)

CVE-2025-36373

Affected Vendors

IBM

Affected Products (6)

IBM · DataPower Gateway <10.6.6.0

IBM · DataPower Gateway 10.6.6.0

IBM · DataPower Gateway <10.5.0.21

IBM · DataPower Gateway 10.5.0.21

IBM · DataPower Gateway <10.6.0.9

IBM · DataPower Gateway 10.6.0.9

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more