CVE-2025-36020
BaseFortify
Publication date: 2025-08-06
Last updated on: 2025-08-13
Assigner: IBM Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | guardium_data_protection | 11.5 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-319 | The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in IBM Guardium Data Protection version 11.5 involves the transmission of sensitive credential information in cleartext over the network. Because the data is not encrypted, a remote attacker could intercept and obtain this sensitive information. The issue is classified as CWE-319: Cleartext Transmission of Sensitive Information. [1]
How can this vulnerability impact me? :
The vulnerability allows a remote attacker to obtain sensitive credential information, which could lead to unauthorized access or compromise of systems relying on those credentials. Although it does not affect system integrity or availability, the confidentiality of sensitive data is at high risk. [1]
What immediate steps should I take to mitigate this vulnerability?
IBM recommends prompt updating of affected IBM Guardium Data Protection systems to version 11.5 or later where the vulnerability is fixed. No workarounds or mitigations are provided. [1]