Description
IBM Knowledge Catalog Standard Cartridge 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.1, 5.1.1, 5.1.2, 5.1.3, 5.2.0, 5.2.1 stores potentially sensitive information in log files that could be read by a local privileged user.
Published: 2026-03-25
Score: 4.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Sensitive information exposure via insecure log files
Action: Immediate update
AI Analysis

Impact

IBM Knowledge Catalog Standard Cartridge writes potentially sensitive information into its log files, so a local user who already holds elevated privileges can read that information simply by reading the logs. The weakness is CWE-532 (Insertion of Sensitive Information into Log File): the problem is what gets logged, not a path to gaining privileges. The impact is disclosure of whatever confidential data the product records in its logs, with no integrity or availability effect.

Affected Systems

IBM Knowledge Catalog Standard Cartridge 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.1, 5.1.1, 5.1.2, 5.1.3, 5.2.0 and 5.2.1 are affected. The NVD CPE configuration pairs these releases with Red Hat OpenShift, the platform the cartridge runs on, so administrators of those clusters should assume that the product's log files may contain confidential data readable by local privileged users.

Risk and Exploitability

The CVSS 3.1 base score of 4.4 (Medium; vector AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N) reflects an attack that requires local access with high privileges and no user interaction, and that affects confidentiality only (High), with no integrity or availability impact. The EPSS score below 1 % indicates a low probability of exploitation in the wild, the CVE is not in the CISA KEV catalog, and the SSVC assessment records Exploitation: none, Automatable: no and Technical Impact: partial. The practical risk is that an attacker who has already obtained administrative access on the host (through a separate compromise, or as an insider) can harvest whatever credentials or confidential data the product has written to its logs; exploitation consists of nothing more than reading those files.

Generated by OpenCVE AI on April 1, 2026 at 05:27 UTC.

Remediation

Vendor Solution

Affected Product(s): IBM Knowledge Catalog Standard Cartridge
Version(s): 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.1, 5.1.1, 5.1.2, 5.1.3, 5.2.0, 5.2.1


OpenCVE Recommended Actions

  • Upgrade IBM Knowledge Catalog Standard Cartridge to a release in which IBM has fixed the logging issue, and retire the affected 5.0.0 through 5.2.1 releases from deployment.
  • Until the upgrade is applied, restrict read access to the product's log files (and to any log aggregation targets that receive them) to the service account that writes them and the administrators who genuinely need them, and redact or stop logging sensitive values at the source.
  • Apply least privilege to privileged platform accounts and enable file-access auditing on the log locations so that unexpected reads are detected.
  • Check IBM support or the IBM support page referenced for this CVE for patch availability and rollout guidance.
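The two interim controls above, redacting sensitive values before they reach the log and keeping the log file owner-only, are shown below as an added, generic example; it is not IBM's code and does not reflect how the cartridge itself logs. The credential patterns, the sample log messages and the file layout are assumptions made for illustration.

```python
"""Added example (not IBM's code): a CWE-532 mitigation for application logs.

Two controls from the recommended actions, shown generically:
  1. A logging.Filter that redacts credential-like values before they are
     written, so a reader of the log cannot recover them.
  2. A permission check that flags log files readable by anyone other than
     their owner.
The secret patterns and sample messages are assumptions for illustration.
"""
import logging
import os
import re
import stat
import tempfile

# Assumed credential patterns; extend for the formats your own logs carry.
_SECRET_PATTERNS = [
    # "Authorization: Bearer <token>"
    (re.compile(r"(?i)(bearer\s+)[A-Za-z0-9._\-]+"), r"\1[REDACTED]"),
    # key=value or JSON "key": "value" for password/api_key/token/secret
    (re.compile(r'(?i)\b(password|passwd|api[_-]?key|token|secret)'
                r'(["\']?\s*[:=]\s*["\']?)([^\s"\',;]+)'),
     r"\1\2[REDACTED]"),
]


def redact(text: str) -> str:
    """Replace credential-like values in a single log line."""
    for pattern, replacement in _SECRET_PATTERNS:
        text = pattern.sub(replacement, text)
    return text


class RedactingFilter(logging.Filter):
    """Rewrites each record's fully formatted message before the handler emits it."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())
        record.args = ()  # message is already formatted; nothing left to interpolate
        return True


def mode_is_exposed(mode: int) -> bool:
    """True if permission bits grant read access to group or others."""
    return bool(stat.S_IMODE(mode) & (stat.S_IRGRP | stat.S_IROTH))


def log_exposed_to_others(path: str) -> bool:
    """True if the log file at path is readable by anyone but its owner."""
    return mode_is_exposed(os.stat(path).st_mode)


def make_logger(path: str) -> logging.Logger:
    """File logger whose handler redacts before writing; the file is created 0600."""
    os.close(os.open(path, os.O_WRONLY | os.O_CREAT | os.O_APPEND, 0o600))
    os.chmod(path, 0o600)  # umask cannot widen this, but make it explicit
    logger = logging.getLogger(f"catalog-example-{path}")
    logger.setLevel(logging.INFO)
    logger.handlers.clear()
    handler = logging.FileHandler(path)
    handler.addFilter(RedactingFilter())
    handler.setFormatter(logging.Formatter("%(asctime)s %(levelname)s %(message)s"))
    logger.addHandler(handler)
    logger.propagate = False
    return logger


def demo() -> dict:
    """Write constructed sample lines through the filter and report the outcome."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "catalog.log")
        logger = make_logger(path)
        # Constructed sample messages, not real product output.
        logger.info("connecting to metadata store with password=Sup3rS3cret!")
        logger.info("request headers: Authorization: Bearer eyJhbGciOi.payload.sig")
        logger.info('{"user": "alice", "api_key": "AKIA0123456789EXAMPLE"}')
        logger.info("asset refresh complete for catalog 42")
        with open(path) as fh:
            lines = fh.read().splitlines()
        exposed = log_exposed_to_others(path)
        for h in list(logger.handlers):
            h.close()
            logger.removeHandler(h)
    text = "\n".join(lines)
    return {
        "lines": lines,
        "secrets_leaked": any(s in text for s in ("Sup3rS3cret", "eyJhbGciOi", "AKIA0123")),
        "exposed": exposed,
    }


if __name__ == "__main__":
    result = demo()
    for line in result["lines"]:
        print(line)
    print("secrets leaked:", result["secrets_leaked"], "| readable by others:", result["exposed"])
```

Attaching the filter to the handler rather than the logger matters: a handler-level filter runs for every record the handler writes, including records propagated from child loggers, so nothing reaches the file unredacted. The permission check is the part to run periodically against the real log directory, since a redeploy or log rotation can silently recreate files with a wider mode.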

Generated by OpenCVE AI on April 1, 2026 at 05:27 UTC.

Advisories

No advisories yet.

History

Wed, 01 Apr 2026 02:15:00 +0000

Type: First Time appeared
Values Added: Ibm knowledge Catalog; Redhat; Redhat openshift

Type: CPEs
Values Added:
cpe:2.3:a:ibm:knowledge_catalog:5.0.0:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:knowledge_catalog:5.0.1:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:knowledge_catalog:5.0.2:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:knowledge_catalog:5.0.3:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:knowledge_catalog:5.1.1:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:knowledge_catalog:5.1.2:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:knowledge_catalog:5.1.3:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:knowledge_catalog:5.1:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:knowledge_catalog:5.2.0:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:knowledge_catalog:5.2.1:*:*:*:standard:*:*:*
cpe:2.3:o:redhat:openshift:-:*:*:*:*:*:*:*

Type: Vendors & Products
Values Added: Ibm knowledge Catalog; Redhat; Redhat openshift

Thu, 26 Mar 2026 16:15:00 +0000

Type: Metrics
Values Added: ssvc
{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 25 Mar 2026 21:30:00 +0000

Type: Description
Values Added: IBM Knowledge Catalog Standard Cartridge 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.1, 5.1.1, 5.1.2, 5.1.3, 5.2.0, 5.2.1 stores potentially sensitive information in log files that could be read by a local privileged user.

Type: Title
Values Added: Multiple Security vulnerabilities affecting IBM Knowledge Catalog Standard Cartridge

Type: First Time appeared
Values Added: Ibm; Ibm knowledge Catalog Standard Cartridge

Type: Weaknesses
Values Added: CWE-532

Type: CPEs
Values Added: cpe:2.3:a:ibm:knowledge_catalog_standard_cartridge:5.0.0:*:*:*:*:*:*:*

Type: Vendors & Products
Values Added: Ibm; Ibm knowledge Catalog Standard Cartridge

Type: References
Values Added: (empty)

Type: Metrics
Values Added: cvssV3_1
{'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-03-26T16:09:45.856Z

Reserved: 2025-04-15T21:16:23.420Z

Link: CVE-2025-36187

Vulnrichment

Updated: 2026-03-26T16:09:43.402Z

NVD

Status : Analyzed

Published: 2026-03-25T22:16:19.090

Modified: 2026-03-31T20:22:17.383

Link: CVE-2025-36187

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-02T07:59:02Z

Weaknesses