CVE-2025-36221

MEDIUM

Vulnerabilities exists in IBM Cloud Pak for Data System (CPDS 1.0) - Cyclops.

Title source: cna
STIX 2.1

Description

IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data System uses default passwords default passwords from the manufacturing process for use during the installation process, which could allow an attacker to bypass authentication.

References (1)

Core 1
Core References
Vendor Advisory vendor-advisory patch
https://www.ibm.com/support/pages/node/7273923

Scores

CVSS v3 5.3
EPSS 0.0039
EPSS Percentile 30.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-1392
Status published
Products (3)
IBM/Cloud Pak for Data System - Cyclops 11.3.0.2 - Interim Fix 002
ibm/cloud_pak_for_data_system_-_cyclops 11.3.0.2 (2 CPE variants)
ibm/cloud_pak_for_data_system_-_cyclops < 11.3.0.2
Published May 26, 2026
Tracked Since May 26, 2026