CVE-2025-36258
Received - Intake
Plaintext Credential Exposure in IBM InfoSphere Information Server

Publication date: 2026-03-25

Last updated on: 2026-03-26

Assigner: IBM Corporation

Description
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 product stores user credentials and other sensitive information in plain text which can be read by a local user.
Meta Information

Published: 2026-03-25

Last Modified: 2026-03-26

Generated: 2026-05-07

AI Q&A: 2026-03-26

EPSS Evaluated: 2026-05-05

Affected Vendors & Products

| Vendor | Product | Version / Range |
|---|---|---|
| ibm | infosphere_information_server | From 11.7.0.0 (inc) to 11.7.1.6 (inc) |

CWE

| CWE ID | Description |
|---|---|
| CWE-256 | The product stores a password in plaintext within resources such as memory or files. |

AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability involves storing user credentials and other sensitive information in plaintext, which can be accessed by a local user. This exposure of sensitive data can potentially lead to non-compliance with data protection regulations such as GDPR and HIPAA, which require proper protection of personal and sensitive information.

Since the vulnerability results in a high confidentiality impact, organizations using the affected IBM InfoSphere Information Server versions may face increased risk of unauthorized data disclosure, which could violate regulatory requirements for data security and privacy.

IBM advises customers to assess the impact of this vulnerability in their specific environments and apply the recommended fixes and mitigations to reduce the risk and help maintain compliance.


Can you explain this vulnerability to me?

CVE-2025-36258 is a vulnerability in IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6 where the product stores user credentials and other sensitive information in plaintext.

This means that a local user on the system can read these sensitive details without needing any special privileges or user interaction.

The vulnerability is classified under CWE-256: Plaintext Storage of a Password.


How can this vulnerability impact me?

This vulnerability allows a local attacker to access sensitive information such as user credentials stored in plaintext.

Because the confidentiality impact is high, an attacker could potentially use these credentials to gain unauthorized access to systems or data.

However, the vulnerability does not impact integrity or availability, meaning it does not allow modification or disruption of the system.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability involves IBM InfoSphere Information Server storing user credentials and sensitive information in plaintext files accessible by local users.

To detect this vulnerability on your system, check for the presence and permissions of the files `uginfo.rsp` and `inventory.yaml` located in the `<INSTALL_PATH>/ugdockerfiles` directory.

Suggested commands to detect the vulnerability include checking file permissions and contents locally, for example:

  • `ls -l <INSTALL_PATH>/ugdockerfiles/uginfo.rsp`
  • `ls -l <INSTALL_PATH>/ugdockerfiles/inventory.yaml`
  • `cat <INSTALL_PATH>/ugdockerfiles/uginfo.rsp`
  • `cat <INSTALL_PATH>/ugdockerfiles/inventory.yaml`

If these files contain plaintext credentials and have permissions more permissive than 0600, the system is vulnerable.
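
The permission check described above, as an added example (not IBM's tooling and not part of the original page): it reports the mode of both files without printing their contents, and flags any mode that grants group or other access. The function names and the "passw" line count are assumptions made for illustration.

```bash
#!/bin/sh
# Added example: audit the two files named in the advisory.
# Usage: sh audit.sh <INSTALL_PATH>   (or source it and call audit_ugdockerfiles)

# Print the octal mode of a file (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed if the mode grants any access to group or other,
# i.e. the file is readable or writable beyond its owner.
mode_too_open() {
    [ $(( 0$1 & 0077 )) -ne 0 ]
}

# Exit status: 0 = every file present is owner-only, 1 = at least one is exposed.
audit_ugdockerfiles() {
    local dir rc f path mode hits
    dir="$1/ugdockerfiles"
    rc=0
    for f in uginfo.rsp inventory.yaml; do
        path="$dir/$f"
        if [ ! -e "$path" ]; then
            echo "ABSENT   $path"
            continue
        fi
        mode=$(file_mode "$path")
        # Heuristic (assumption): count lines mentioning "passw" without echoing them.
        hits=$(grep -ci 'passw' "$path" 2>/dev/null || true)
        hits=${hits:-unreadable}   # empty when the current user cannot read the file
        if mode_too_open "$mode"; then
            echo "EXPOSED  $path mode=$mode password_like_lines=$hits"
            rc=1
        else
            echo "OK       $path mode=$mode password_like_lines=$hits"
        fi
    done
    return "$rc"
}

# Run directly when an install path is given on the command line.
[ "$#" -eq 0 ] || audit_ugdockerfiles "$1"
```

A non-zero exit status makes the function usable in a scheduled compliance check; rerun it after the `chmod 600` step to confirm the result.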


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting file permissions on the affected files to prevent unauthorized local access.

  • Set the permissions of the files `uginfo.rsp` and `inventory.yaml` located in the `<INSTALL_PATH>/ugdockerfiles` directory to 0600 using the commands:
  • `chmod 600 <INSTALL_PATH>/ugdockerfiles/uginfo.rsp`
  • `chmod 600 <INSTALL_PATH>/ugdockerfiles/inventory.yaml`

Additionally, apply the fixes provided by IBM in versions 11.7.1.0, 11.7.1.6, or the 11.7.1.6 Service Pack 2 as referenced by APAR DT461542 to fully remediate the vulnerability.

