CVE-2025-36034
BaseFortify
Publication date: 2025-06-26
Last updated on: 2025-08-14
Assigner: IBM Corporation
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | infosphere_information_server | 11.7 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-319 | The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in IBM InfoSphere DataStage Flow Designer (part of IBM InfoSphere Information Server 11.7) involves the cleartext transmission of sensitive user information in API requests. Because the data is sent unencrypted, attackers can intercept this information using man-in-the-middle techniques. It is classified under CWE-319 (Cleartext Transmission of Sensitive Information) and has a CVSS v3.1 base score of 5.3, indicating a moderate severity with high confidentiality impact but no impact on integrity or availability. [1]
How can this vulnerability impact me?
This vulnerability can lead to the exposure of sensitive user information if an attacker is able to intercept API requests between the client and server. Such interception could compromise confidentiality of data, potentially leading to unauthorized access to sensitive information. However, it does not affect data integrity or availability. The attack requires network access and has a high attack complexity, but only low privileges are needed and no user interaction is required. [1]
What immediate steps should I take to mitigate this vulnerability?
Apply updates to IBM InfoSphere Information Server versions 11.7.1.0 through 11.7.1.6 and install the InfoSphere DataStage Flow Designer security patch. No workarounds or mitigations are currently available. [1]