CVE-2025-36003 - Vulnerability Details - OpenCVE

IBM Security Verify Governance Identity Manager 10.0.2 could allow a remote attacker to obtain sensitive information when detailed technical error messages are returned. This information could be used in further attacks against the system.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00038.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Ibm	Security Verify Governance

No data.

No data.

No data.

References

Link	Providers
https://www.ibm.com/support/pages/node/7243303

History

Thu, 28 Aug 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 28 Aug 2025 02:30:00 +0000

Type	Values Removed	Values Added
Description		IBM Security Verify Governance Identity Manager 10.0.2 could allow a remote attacker to obtain sensitive information when detailed technical error messages are returned. This information could be used in further attacks against the system.
Title		IBM Security Verify Governance Identity Manager information disclosure
First Time appeared		Ibm Ibm security Verify Governance
Weaknesses		CWE-209
CPEs		cpe:2.3:a:ibm:security_verify_governance:10.0.2:::::::*
Vendors & Products		Ibm Ibm security Verify Governance
References		https://www.ibm.com/support/pages/node/7243303
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2025-08-28T02:07:51.600Z

Updated: 2025-08-28T14:18:52.198Z

Reserved: 2025-04-15T21:16:05.532Z

Link: CVE-2025-36003

Vulnrichment

Updated: 2025-08-28T14:18:37.953Z

NVD

Status : Awaiting Analysis

Published: 2025-08-28T03:15:37.843

Modified: 2025-08-29T16:24:09.860

Link: CVE-2025-36003

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-36003", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2025-04-15T21:16:05.532Z", "datePublished": "2025-08-28T02:07:51.600Z", "dateUpdated": "2025-08-28T14:18:52.198Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:ibm:security_verify_governance:10.0.2:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "product": "Security Verify Governance Identity Manager", "vendor": "IBM", "versions": [{"status": "affected", "version": "10.0.2"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "IBM Security Verify Governance Identity Manager 10.0.2 could allow a remote attacker to obtain sensitive information when detailed technical error messages are returned. This information could be used in further attacks against the system."}], "value": "IBM Security Verify Governance Identity Manager 10.0.2 could allow a remote attacker to obtain sensitive information when detailed technical error messages are returned. This information could be used in further attacks against the system."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-209", "description": "CWE-209 Generation of Error Message Containing Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-08-28T02:07:51.600Z"}, "references": [{"tags": ["vendor-advisory", "patch"], "url": "https://www.ibm.com/support/pages/node/7243303"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Customers should update their systems by downloading the relevant fix pack:</p><div><table><tbody><tr><td><strong>Affected product(s)</strong></td><td><strong>Version(s)</strong></td><td><strong>Fix Availability</strong></td></tr><tr><td>IBM Security Verify Governance</td><td> 10.0.2</td><td><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/IBM+Security+Verify+Governance&release=10.0.2.5&platform=All&function=fixId&fixids=10.0.2.0-ISS-ISVG-IGVA-FP0006&includeRequisites=1&includeSupersedes=0&downloadMethod=http&login=true\"> </a><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/IBM+Security+Verify+Governance&release=10.0.2.5&platform=All&function=fixId&fixids=10.0.2.0-ISS-ISVG-IGVA-FP0006&includeRequisites=1&includeSupersedes=0&downloadMethod=http&login=true\">10.0.2.0-ISS-ISVG-IGVA-FP0006</a></td></tr><tr><td>IBM Security Verify Governance - <br>Identity Manager Software Stack</td><td> 10.0.2</td><td><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/IBM+Security+Verify+Governance&release=10.0.2.5&platform=All&function=fixId&fixids=10.0.2.0-ISS-ISVG-IMSW-FP0006&includeRequisites=1&includeSupersedes=0&downloadMethod=http\">10.0.2.0-ISS-ISVG-IMSW-FP0006</a></td></tr><tr><td>IBM Security Verify Governance - <br>Identity Manager Virtual Appliance</td><td> 10.0.2</td><td><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/IBM+Security+Verify+Governance&release=10.0.2.5&platform=All&function=fixId&fixids=10.0.2.0-ISS-ISVG-IMVA-FP0006&includeRequisites=1&includeSupersedes=0&downloadMethod=http\">10.0.2.0-ISS-ISVG-IMVA-FP0006</a></td></tr></tbody></table></div>\n\n<br>"}], "value": "Customers should update their systems by downloading the relevant fix pack:\n\nAffected product(s)Version(s)Fix AvailabilityIBM Security Verify Governance\u00a010.0.2 \u00a0 https://www.ibm.com/support/fixcentral/swg/downloadFixes 10.0.2.0-ISS-ISVG-IGVA-FP0006 https://www.ibm.com/support/fixcentral/swg/downloadFixes IBM Security Verify Governance - \nIdentity Manager Software Stack\u00a010.0.2 10.0.2.0-ISS-ISVG-IMSW-FP0006 https://www.ibm.com/support/fixcentral/swg/downloadFixes IBM Security Verify Governance - \nIdentity Manager Virtual Appliance\u00a010.0.2 10.0.2.0-ISS-ISVG-IMVA-FP0006 https://www.ibm.com/support/fixcentral/swg/downloadFixes"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM Security Verify Governance Identity Manager information disclosure", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-28T14:18:34.403689Z", "id": "CVE-2025-36003", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-28T14:18:52.198Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-36003", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-08-28T14:18:34.403689Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-28T14:18:37.953Z"}}], "cna": {"title": "IBM Security Verify Governance Identity Manager information disclosure", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:ibm:security_verify_governance:10.0.2:*:*:*:*:*:*:*"], "vendor": "IBM", "product": "Security Verify Governance Identity Manager", "versions": [{"status": "affected", "version": "10.0.2"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Customers should update their systems by downloading the relevant fix pack:\n\nAffected product(s)Version(s)Fix AvailabilityIBM Security Verify Governance\u00a010.0.2 \u00a0 https://www.ibm.com/support/fixcentral/swg/downloadFixes 10.0.2.0-ISS-ISVG-IGVA-FP0006 https://www.ibm.com/support/fixcentral/swg/downloadFixes IBM Security Verify Governance - \nIdentity Manager Software Stack\u00a010.0.2 10.0.2.0-ISS-ISVG-IMSW-FP0006 https://www.ibm.com/support/fixcentral/swg/downloadFixes IBM Security Verify Governance - \nIdentity Manager Virtual Appliance\u00a010.0.2 10.0.2.0-ISS-ISVG-IMVA-FP0006 https://www.ibm.com/support/fixcentral/swg/downloadFixes", "supportingMedia": [{"type": "text/html", "value": "<p>Customers should update their systems by downloading the relevant fix pack:</p><div><table><tbody><tr><td><strong>Affected product(s)</strong></td><td><strong>Version(s)</strong></td><td><strong>Fix Availability</strong></td></tr><tr><td>IBM Security Verify Governance</td><td> 10.0.2</td><td><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/IBM+Security+Verify+Governance&release=10.0.2.5&platform=All&function=fixId&fixids=10.0.2.0-ISS-ISVG-IGVA-FP0006&includeRequisites=1&includeSupersedes=0&downloadMethod=http&login=true\"> </a><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/IBM+Security+Verify+Governance&release=10.0.2.5&platform=All&function=fixId&fixids=10.0.2.0-ISS-ISVG-IGVA-FP0006&includeRequisites=1&includeSupersedes=0&downloadMethod=http&login=true\">10.0.2.0-ISS-ISVG-IGVA-FP0006</a></td></tr><tr><td>IBM Security Verify Governance - <br>Identity Manager Software Stack</td><td> 10.0.2</td><td><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/IBM+Security+Verify+Governance&release=10.0.2.5&platform=All&function=fixId&fixids=10.0.2.0-ISS-ISVG-IMSW-FP0006&includeRequisites=1&includeSupersedes=0&downloadMethod=http\">10.0.2.0-ISS-ISVG-IMSW-FP0006</a></td></tr><tr><td>IBM Security Verify Governance - <br>Identity Manager Virtual Appliance</td><td> 10.0.2</td><td><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/IBM+Security+Verify+Governance&release=10.0.2.5&platform=All&function=fixId&fixids=10.0.2.0-ISS-ISVG-IMVA-FP0006&includeRequisites=1&includeSupersedes=0&downloadMethod=http\">10.0.2.0-ISS-ISVG-IMVA-FP0006</a></td></tr></tbody></table></div>\n\n<br>", "base64": false}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7243303", "tags": ["vendor-advisory", "patch"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "IBM Security Verify Governance Identity Manager 10.0.2 could allow a remote attacker to obtain sensitive information when detailed technical error messages are returned. This information could be used in further attacks against the system.", "supportingMedia": [{"type": "text/html", "value": "IBM Security Verify Governance Identity Manager 10.0.2 could allow a remote attacker to obtain sensitive information when detailed technical error messages are returned. This information could be used in further attacks against the system.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-209", "description": "CWE-209 Generation of Error Message Containing Sensitive Information"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-08-28T02:07:51.600Z"}}}, "cveMetadata": {"cveId": "CVE-2025-36003", "state": "PUBLISHED", "dateUpdated": "2025-08-28T14:18:52.198Z", "dateReserved": "2025-04-15T21:16:05.532Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2025-08-28T02:07:51.600Z", "assignerShortName": "ibm"}, "dataVersion": "5.1"}