CVE-2025-36422
Cross-Site Request Forgery in IBM InfoSphere DataStage Flow Designer
Publication date: 2026-03-25
Last updated on: 2026-03-26
Assigner: IBM Corporation
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | infosphere_information_server | From 11.7.0.0 (inc) to 11.7.1.6 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-36422 is a cross-site request forgery (CSRF) vulnerability in IBM InfoSphere Information Server, specifically in the DataStage Flow Designer component versions 11.7.0.0 through 11.7.1.6.
This vulnerability allows an attacker to trick a user into executing unauthorized and malicious actions on a website to which the user is authenticated, by exploiting the trust the website places in the user's browser.
The attack requires user interaction but no special privileges, and it can be performed remotely over the network.
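The trust relationship described above is broken by checking that a state-changing request actually originated from the application's own pages. The following is an added illustration of the standard CWE-352 defence (origin check plus a per-session synchronizer token), not code from IBM or from DataStage Flow Designer; the origin `https://datastage.example.internal` and the header/form layout are assumed for the example, and the only remediation for the product itself remains the vendor fix.

```python
import hmac
import secrets
from typing import Optional
from urllib.parse import urlsplit

# Constructed value for the example (not from the advisory): the origin
# the application itself is served from.
APP_ORIGIN = "https://datastage.example.internal"


def issue_token() -> str:
    """Generate an unpredictable per-session anti-CSRF token."""
    return secrets.token_urlsafe(32)


def _request_origin(headers: dict) -> Optional[str]:
    """Derive the requesting origin from Origin, falling back to Referer."""
    origin = headers.get("Origin")
    if origin:
        return origin
    referer = headers.get("Referer")
    if referer:
        parts = urlsplit(referer)
        return f"{parts.scheme}://{parts.netloc}"
    return None


def is_csrf_safe(method: str, headers: dict, form: dict, session_token: str) -> bool:
    """Accept a state-changing request only when both checks hold:
    1. the browser-supplied Origin/Referer matches the application's origin
       (a forged cross-site request carries the attacker's page as origin);
    2. the form carries the session's anti-CSRF token, compared in constant
       time; a cross-site page cannot read the token, so it cannot supply it.
    Safe methods (GET/HEAD/OPTIONS) must not change state and pass through.
    """
    if method.upper() in ("GET", "HEAD", "OPTIONS"):
        return True
    if _request_origin(headers) != APP_ORIGIN:
        return False
    submitted = form.get("csrf_token", "")
    return hmac.compare_digest(submitted.encode(), session_token.encode())
```

Either check alone is weaker: a missing Origin/Referer header is treated as cross-site here, and the token check still rejects a request that reaches the application with a spoofed-looking same-origin header but no valid token.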
How can this vulnerability impact me?
This vulnerability can impact you by allowing attackers to perform unauthorized actions on your IBM InfoSphere DataStage Flow Designer environment without your consent.
Although it does not affect confidentiality or availability, it has a low impact on integrity, meaning attackers could potentially alter data or configurations in a limited way.
Since the attack requires user interaction, the risk depends on users being tricked into executing malicious requests.
There are currently no workarounds or mitigations available, so applying the provided fixes or upgrading to patched versions is necessary to protect against this vulnerability.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
There is no specific information provided about detection methods or commands to identify this vulnerability on your network or system.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should apply the fixes provided in APAR DT454212.
Upgrade affected IBM InfoSphere Information Server versions to 11.7.1.0, 11.7.1.6, or apply the 11.7.1.6 Service Pack 2.
Currently, no workarounds or mitigations are available other than applying the official fixes and upgrades.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify how the CVE-2025-36422 vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.