CVE-2025-36118 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
ibm	CNA	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA-ADP	ADP	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Common Weakness Enumeration

CWE-244 - Improper Clearing of Heap Memory Before Release ('Heap Inspection')
Using realloc() to resize buffers that store sensitive information can leave the sensitive information exposed to attack, because it is not removed from memory.

Vulnerability Media Exposure

[GERMAN] IBM SAN Volume Controller, Storwize und FlashSystem: Schwachstelle ermöglicht Offenlegung von Informationen
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in IBM SAN Volume Controller, IBM Storwize und IBM FlashSystem ausnutzen, um Informationen offenzulegen.
Published: 2025-11-16T23:00:00+00:00

References

https://www.ibm.com/support/pages/node/7250954