Executive Summary

CVE-2025-36258 is a vulnerability in IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6 where the product stores user credentials and other sensitive information in plaintext.

This means that a local user on the system can read these sensitive details without needing any special privileges or user interaction.

The vulnerability is classified under CWE-256: Plaintext Storage of a Password.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability allows a local attacker to access sensitive information such as user credentials stored in plaintext.

Because the confidentiality impact is high, an attacker could potentially use these credentials to gain unauthorized access to systems or data.

However, the vulnerability does not impact integrity or availability, meaning it does not allow modification or disruption of the system.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability involves IBM InfoSphere Information Server storing user credentials and sensitive information in plaintext files accessible by local users.

To detect this vulnerability on your system, you should check the presence and permissions of the files `uginfo.rsp` and `inventory.yaml` located in the `<INSTALL_PATH/ugdockerfiles>` directory.

Suggested commands to detect the vulnerability include checking file permissions and contents locally, for example:

• ls -l <INSTALL_PATH>/ugdockerfiles/uginfo.rsp
• ls -l <INSTALL_PATH>/ugdockerfiles/inventory.yaml
• cat <INSTALL_PATH>/ugdockerfiles/uginfo.rsp
• cat <INSTALL_PATH>/ugdockerfiles/inventory.yaml

If these files contain plaintext credentials and have permissions more permissive than 0600, the system is vulnerable.

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include restricting file permissions on the affected files to prevent unauthorized local access.

• Set the permissions of the files `uginfo.rsp` and `inventory.yaml` located in the `<INSTALL_PATH/ugdockerfiles>` directory to 0600 using the command:
• chmod 600 <INSTALL_PATH>/ugdockerfiles/uginfo.rsp
• chmod 600 <INSTALL_PATH>/ugdockerfiles/inventory.yaml

Additionally, apply the fixes provided by IBM in versions 11.7.1.0, 11.7.1.6, or the 11.7.1.6 Service Pack 2 as referenced by APAR DT461542 to fully remediate the vulnerability.

Useful 0 Not Useful 0

Compliance Impact

The vulnerability involves storing user credentials and other sensitive information in plaintext, which can be accessed by a local user. This exposure of sensitive data can potentially lead to non-compliance with data protection regulations such as GDPR and HIPAA, which require proper protection of personal and sensitive information.

Since the vulnerability results in a high confidentiality impact, organizations using the affected IBM InfoSphere Information Server versions may face increased risk of unauthorized data disclosure, which could violate regulatory requirements for data security and privacy.

IBM advises customers to assess the impact of this vulnerability in their specific environments and apply the recommended fixes and mitigations to reduce the risk and help maintain compliance.

Useful 0 Not Useful 0