{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-36187", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2025-04-15T21:16:23.420Z", "datePublished": "2026-03-25T21:26:47.129Z", "dateUpdated": "2026-03-26T16:09:45.856Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2026-03-25T21:27:49.501Z"}, "title": "Multiple Security vulnerabilities affecting IBM Knowledge Catalog Standard Cartridge", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-532", "description": "CWE-532 Insertion of Sensitive Information into Log File", "type": "CWE"}]}], "affected": [{"vendor": "IBM", "product": "Knowledge Catalog Standard Cartridge", "versions": [{"status": "affected", "version": "5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.1, 5.1.1, 5,1.2, 5.1.3, 5.2.0, 5.2.1"}], "cpes": ["cpe:2.3:a:ibm:knowledge_catalog_standard_cartridge:5.0.0:*:*:*:*:*:*:*"]}], "descriptions": [{"lang": "en", "value": "IBM Knowledge Catalog Standard Cartridge 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.1, 5.1.1, 5,1.2, 5.1.3, 5.2.0, 5.2.1 stores potentially sensitive information in log files that could be read by a local privileged user.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>IBM Knowledge Catalog Standard Cartridge 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.1, 5.1.1, 5,1.2, 5.1.3, 5.2.0, 5.2.1 stores potentially sensitive information in log files that could be read by a local privileged user.</p>"}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7267542", "tags": ["vendor-advisory", "patch"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 4.4, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"}}], "solutions": [{"lang": "en", "value": "Affected Product(s)Version(s)IBM Knowledge Catalog Standard Cartridge5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.1, 5.1.1, 5,1.2, 5.1.3, 5.2.0, 5.2.1", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p><br></p><table><tbody><tr><td>Affected Product(s)</td><td>Version(s)</td></tr><tr><td>IBM Knowledge Catalog Standard Cartridge</td><td>5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.1, 5.1.1, 5,1.2, 5.1.3, 5.2.0, 5.2.1</td></tr></tbody></table>"}]}], "x_generator": {"engine": "ibm-cvegen"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-26T16:09:38.715873Z", "id": "CVE-2025-36187", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T16:09:45.856Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-36187", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-26T16:09:38.715873Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T16:09:43.402Z"}}], "cna": {"title": "Multiple Security vulnerabilities affecting IBM Knowledge Catalog Standard Cartridge", "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:ibm:knowledge_catalog_standard_cartridge:5.0.0:*:*:*:*:*:*:*"], "vendor": "IBM", "product": "Knowledge Catalog Standard Cartridge", "versions": [{"status": "affected", "version": "5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.1, 5.1.1, 5,1.2, 5.1.3, 5.2.0, 5.2.1"}]}], "solutions": [{"lang": "en", "value": "Affected Product(s)Version(s)IBM Knowledge Catalog Standard Cartridge5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.1, 5.1.1, 5,1.2, 5.1.3, 5.2.0, 5.2.1", "supportingMedia": [{"type": "text/html", "value": "<p><br></p><table><tbody><tr><td>Affected Product(s)</td><td>Version(s)</td></tr><tr><td>IBM Knowledge Catalog Standard Cartridge</td><td>5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.1, 5.1.1, 5,1.2, 5.1.3, 5.2.0, 5.2.1</td></tr></tbody></table>", "base64": false}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7267542", "tags": ["vendor-advisory", "patch"]}], "x_generator": {"engine": "ibm-cvegen"}, "descriptions": [{"lang": "en", "value": "IBM Knowledge Catalog Standard Cartridge 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.1, 5.1.1, 5,1.2, 5.1.3, 5.2.0, 5.2.1 stores potentially sensitive information in log files that could be read by a local privileged user.", "supportingMedia": [{"type": "text/html", "value": "<p>IBM Knowledge Catalog Standard Cartridge 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.1, 5.1.1, 5,1.2, 5.1.3, 5.2.0, 5.2.1 stores potentially sensitive information in log files that could be read by a local privileged user.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-532", "description": "CWE-532 Insertion of Sensitive Information into Log File"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2026-03-25T21:27:49.501Z"}}}, "cveMetadata": {"cveId": "CVE-2025-36187", "state": "PUBLISHED", "dateUpdated": "2026-03-26T16:09:45.856Z", "dateReserved": "2025-04-15T21:16:23.420Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2026-03-25T21:26:47.129Z", "assignerShortName": "ibm"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Knowledge Catalog Standard Cartridge 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.1, 5.1.1, 5,1.2, 5.1.3, 5.2.0, 5.2.1 stores potentially sensitive information in log files that could be read by a local privileged user."}], "id": "CVE-2025-36187", "lastModified": "2026-03-26T15:13:15.790", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Primary"}]}, "published": "2026-03-25T22:16:19.090", "references": [{"source": "psirt@us.ibm.com", "url": "https://www.ibm.com/support/pages/node/7267542"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "psirt@us.ibm.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "5.0.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "5.0.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "5.0.2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "5.0.3"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "5.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "5.1.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "5,1.2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "5.1.3"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "5.2.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "5.2.1"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Knowledge Catalog Standard Cartridge", "source": "cna", "vendor": "IBM"}, "product": "knowledge_catalog_standard_cartridge", "vendor": "ibm"}], "analysis": {"en": {"generated_at": "2026-03-25T22:35:43.493428+00:00", "value": {"mitigation_remediation": ["Review the IBM advisory and download the patch for the affected Knowledge Catalog Standard Cartridge versions", "Apply the patch or upgrade to a non-affected version as advised by IBM", "Confirm that log files no longer contain sensitive data and restrict log file access to authorized users"], "summary": {"action": "Immediate Patch", "impact": "Sensitive Data Exposure"}, "threat_synthesis": {"affected_systems": "IBM Knowledge Catalog Standard Cartridge versions 5.0.0 through 5.2.1 are affected. These versions are part of IBM's Knowledge Catalog product line and are used in enterprise data cataloging and governance solutions.", "description_and_impact": "The vulnerability arises from the IBM Knowledge Catalog Standard Cartridge logging mechanism which records sensitive information, such as credentials or personal data, in standard log files. This design flaw allows a user who has local privileged access to read those logs, thereby exposing confidential data. The vulnerability is classified as CWE-532, reflecting improper handling of sensitive information.", "risk_and_exploitability": "While the CVSS base score of 4.4 indicates low to moderate severity, the risk escalates for environments where privileged accounts exist, as anyone with such access can retrieve sensitive data. No exploit probability score is available and the vulnerability is not listed in CISA's KEV catalog, suggesting limited publicly known exploitation at this time. The attack vector, inferred from the description, is local privileged access, meaning the vulnerability does not allow remote execution or denial of service."}}}}, "created": "2026-03-26T11:31:25.325848+00:00", "updated": "2026-03-26T12:09:28.592343+00:00", "vendors": ["ibm", "ibm$PRODUCT$knowledge_catalog_standard_cartridge"]}