Remote Information Disclosure in IBM Guardium Data Protection
CVE-2025-36020

5.9MEDIUM

Key Information:

Vendor

IBM
Status
Guardium Data Protection
Vendor
CVE Published:
6 August 2025

What is CVE-2025-36020?

IBM Guardium Data Protection is susceptible to a vulnerability that could allow a remote attacker to intercept and obtain sensitive credential information transmitted in cleartext. This security issue highlights the importance of implementing strong encryption protocols to safeguard data during transmission. Users are advised to review their configurations and apply necessary patches to mitigate potential risks associated with this vulnerability.

Affected Version(s)

Guardium Data Protection 11.5

References

https://www.ibm.com/support/pages/node/7241547
vendor-advisorypatch

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-36020 : Remote Information Disclosure in IBM Guardium Data Protection