CVE-2025-36371
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-11-19
Last updated on: 2025-11-24
Assigner: IBM Corporation
Description
Description
IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 are impacted by obtaining an information vulnerability in the database plan cache implementation. A user with access to the database plan cache could see information they do not have authority to view.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | i | 7.2 |
| ibm | i | 7.3 |
| ibm | i | 7.4 |
| ibm | i | 7.5 |
| ibm | i | 7.6 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-598 | The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that request. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects IBM i versions 7.2 through 7.6 and involves the database plan cache implementation. A user who has access to the database plan cache can obtain information that they are not authorized to view, leading to an information disclosure issue.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized disclosure of sensitive information from the database plan cache to users who should not have access to it. This could result in exposure of confidential data and potential misuse of that information.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70