{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-36082", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2025-04-15T21:16:13.890Z", "datePublished": "2025-09-15T15:31:45.446Z", "dateUpdated": "2025-09-15T15:52:49.614Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:ibm:openpages_with_watson:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:openpages_with_watson:9.1:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "product": "OpenPages", "vendor": "IBM", "versions": [{"status": "affected", "version": "9.0"}, {"status": "affected", "version": "9.1"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "IBM OpenPages 9.0 and 9.1 allows web page cache to be stored locally which can be read by another user on the system."}], "value": "IBM OpenPages 9.0 and 9.1 allows web page cache to be stored locally which can be read by another user on the system."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-525", "description": "CWE-525 Information Exposure Through Browser Caching", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-09-15T15:31:45.446Z"}, "references": [{"tags": ["vendor-advisory", "patch"], "url": "https://www.ibm.com/support/pages/node/7244777"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Affected endpoints have been updated to use Cache-Control : no-store header to align with security best practices. A fix has been created for each affected version of the named product. Download and install the fix as soon as possible. Fixes and installation instructions are provided at the URLs listed below:</p><p>&nbsp;</p><div><table><tbody><tr><td><p><strong>Product</strong></p></td><td><p><strong>Remediation</strong></p></td></tr><tr><td><p>For IBM OpenPages <strong>9.1.1</strong></p><p>&nbsp;</p></td><td><p><strong>Download URL for 9.1.1</strong></p><p><a target=\"_blank\" rel=\"nofollow\" href=\"http://ibm.com/support/pages/downloading-ibm-openpages-version-911-passport-advantage\">http://ibm.com/support/pages/downloading-ibm-openpages-version-911-passport-advantage</a></p></td></tr><tr><td><p>For IBM OpenPages <strong>9.0</strong></p><p>&nbsp;</p><p>- Apply 9.0 FixPack 5 <strong>(9.0.0.5)</strong></p><p>- Then Apply 9.0.05 Interim Fix 5 (<strong>9.0.0.5.5</strong>)</p></td><td><p><strong>Download URL for 9.0.0.5</strong></p><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/ibm-openpages-90-fix-pack-5\">https://www.ibm.com/support/pages/ibm-openpages-90-fix-pack-5</a></p><p>&nbsp;</p><p><strong>Download URL for 9.0.0.5.5</strong></p><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/ibm-openpages-9005-interim-fix-5\">https://www.ibm.com/support/pages/ibm-openpages-9005-interim-fix-5</a></p><p>&nbsp;</p></td></tr></tbody></table></div><p>&nbsp;</p><p><br>For IBM OpenPages v8.0/8.1/8.2/8.3 customers, IBM recommends to upgrade to a fixed and supported version<strong>&nbsp;9.0 or </strong><strong>9.1.1</strong>&nbsp;of the product.</p>\n\n<br>"}], "value": "Affected endpoints have been updated to use Cache-Control : no-store header to align with security best practices. A fix has been created for each affected version of the named product. Download and install the fix as soon as possible. Fixes and installation instructions are provided at the URLs listed below:\n\n\u00a0\n\nProduct\n\nRemediation\n\nFor IBM OpenPages 9.1.1\n\n\u00a0\n\nDownload URL for 9.1.1\n\n http://ibm.com/support/pages/downloading-ibm-openpages-version-911-passport-advantage \n\nFor IBM OpenPages 9.0\n\n\u00a0\n\n- Apply 9.0 FixPack 5 (9.0.0.5)\n\n- Then Apply 9.0.05 Interim Fix 5 (9.0.0.5.5)\n\nDownload URL for 9.0.0.5\n\n https://www.ibm.com/support/pages/ibm-openpages-90-fix-pack-5 \n\n\u00a0\n\nDownload URL for 9.0.0.5.5\n\n https://www.ibm.com/support/pages/ibm-openpages-9005-interim-fix-5 \n\n\u00a0\n\n\n\n\u00a0\n\n\nFor IBM OpenPages v8.0/8.1/8.2/8.3 customers, IBM recommends to upgrade to a fixed and supported version\u00a09.0 or 9.1.1\u00a0of the product."}], "source": {"discovery": "UNKNOWN"}, "title": "IBM OpenPages information disclosure", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-15T15:52:43.589158Z", "id": "CVE-2025-36082", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-15T15:52:49.614Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-36082", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-09-15T15:52:43.589158Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-15T15:52:46.041Z"}}], "cna": {"title": "IBM OpenPages information disclosure", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:ibm:openpages_with_watson:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:openpages_with_watson:9.1:*:*:*:*:*:*:*"], "vendor": "IBM", "product": "OpenPages", "versions": [{"status": "affected", "version": "9.0"}, {"status": "affected", "version": "9.1"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Affected endpoints have been updated to use Cache-Control : no-store header to align with security best practices. A fix has been created for each affected version of the named product. Download and install the fix as soon as possible. Fixes and installation instructions are provided at the URLs listed below:\n\n\u00a0\n\nProduct\n\nRemediation\n\nFor IBM OpenPages 9.1.1\n\n\u00a0\n\nDownload URL for 9.1.1\n\n http://ibm.com/support/pages/downloading-ibm-openpages-version-911-passport-advantage \n\nFor IBM OpenPages 9.0\n\n\u00a0\n\n- Apply 9.0 FixPack 5 (9.0.0.5)\n\n- Then Apply 9.0.05 Interim Fix 5 (9.0.0.5.5)\n\nDownload URL for 9.0.0.5\n\n https://www.ibm.com/support/pages/ibm-openpages-90-fix-pack-5 \n\n\u00a0\n\nDownload URL for 9.0.0.5.5\n\n https://www.ibm.com/support/pages/ibm-openpages-9005-interim-fix-5 \n\n\u00a0\n\n\n\n\u00a0\n\n\nFor IBM OpenPages v8.0/8.1/8.2/8.3 customers, IBM recommends to upgrade to a fixed and supported version\u00a09.0 or 9.1.1\u00a0of the product.", "supportingMedia": [{"type": "text/html", "value": "<p>Affected endpoints have been updated to use Cache-Control : no-store header to align with security best practices. A fix has been created for each affected version of the named product. Download and install the fix as soon as possible. Fixes and installation instructions are provided at the URLs listed below:</p><p>&nbsp;</p><div><table><tbody><tr><td><p><strong>Product</strong></p></td><td><p><strong>Remediation</strong></p></td></tr><tr><td><p>For IBM OpenPages <strong>9.1.1</strong></p><p>&nbsp;</p></td><td><p><strong>Download URL for 9.1.1</strong></p><p><a target=\"_blank\" rel=\"nofollow\" href=\"http://ibm.com/support/pages/downloading-ibm-openpages-version-911-passport-advantage\">http://ibm.com/support/pages/downloading-ibm-openpages-version-911-passport-advantage</a></p></td></tr><tr><td><p>For IBM OpenPages <strong>9.0</strong></p><p>&nbsp;</p><p>- Apply 9.0 FixPack 5 <strong>(9.0.0.5)</strong></p><p>- Then Apply 9.0.05 Interim Fix 5 (<strong>9.0.0.5.5</strong>)</p></td><td><p><strong>Download URL for 9.0.0.5</strong></p><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/ibm-openpages-90-fix-pack-5\">https://www.ibm.com/support/pages/ibm-openpages-90-fix-pack-5</a></p><p>&nbsp;</p><p><strong>Download URL for 9.0.0.5.5</strong></p><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/ibm-openpages-9005-interim-fix-5\">https://www.ibm.com/support/pages/ibm-openpages-9005-interim-fix-5</a></p><p>&nbsp;</p></td></tr></tbody></table></div><p>&nbsp;</p><p><br>For IBM OpenPages v8.0/8.1/8.2/8.3 customers, IBM recommends to upgrade to a fixed and supported version<strong>&nbsp;9.0 or </strong><strong>9.1.1</strong>&nbsp;of the product.</p>\n\n<br>", "base64": false}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7244777", "tags": ["vendor-advisory", "patch"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "IBM OpenPages 9.0 and 9.1 allows web page cache to be stored locally which can be read by another user on the system.", "supportingMedia": [{"type": "text/html", "value": "IBM OpenPages 9.0 and 9.1 allows web page cache to be stored locally which can be read by another user on the system.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-525", "description": "CWE-525 Information Exposure Through Browser Caching"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-09-15T15:31:45.446Z"}}}, "cveMetadata": {"cveId": "CVE-2025-36082", "state": "PUBLISHED", "dateUpdated": "2025-09-15T15:52:49.614Z", "dateReserved": "2025-04-15T21:16:13.890Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2025-09-15T15:31:45.446Z", "assignerShortName": "ibm"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:openpages:*:*:*:*:*:*:*:*", "matchCriteriaId": "A4D7EA3D-F8C3-48AB-942A-11919C0B7687", "versionEndExcluding": "9.0.0.5", "versionStartIncluding": "9.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:openpages:9.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "F78E4CFE-31E7-4FFF-8DB4-6D7AC69A2248", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM OpenPages 9.0 and 9.1 allows web page cache to be stored locally which can be read by another user on the system."}], "id": "CVE-2025-36082", "lastModified": "2025-09-24T13:17:27.520", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-09-15T16:15:37.267", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7244777"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-525"}], "source": "psirt@us.ibm.com", "type": "Primary"}]}

{}

{}