Skip to main content

Infosphere Information Server CVE-2025-1499

| EUVDEUVD-2025-16576 MEDIUM
Cleartext Storage of Sensitive Information (CWE-312)
2025-06-01 psirt@us.ibm.com
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

3
EUVD ID Assigned
Mar 14, 2026 - 16:42 euvd
EUVD-2025-16576
Analysis Generated
Mar 14, 2026 - 16:42 vuln.today
CVE Published
Jun 01, 2025 - 12:15 nvd
MEDIUM 6.5

DescriptionCVE.org

IBM InfoSphere Information Server 11.7 stores credential information for database authentication in a cleartext parameter file that could be viewed by an authenticated user.

Analysis

IBM InfoSphere Information Server 11.7 stores credential information for database authentication in a cleartext parameter file that could be viewed by an authenticated user.

Technical ContextAI

This vulnerability is classified as Cleartext Storage of Sensitive Information (CWE-312).

RemediationAI

Monitor vendor advisories for patches. Apply mitigations such as network segmentation, access restrictions, and monitoring.

CVE-2024-51459 HIGH
8.4 Mar 19

IBM InfoSphere Information Server 11.7 could allow a local user to execute privileged commands due to the improper handl

CVE-2025-0966 HIGH
7.6 Jun 25

CVE-2025-0966 is a SQL injection vulnerability in IBM InfoSphere Information Server 11.7 that allows authenticated remot

CVE-2025-3221 HIGH
7.5 Jun 21

IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6 contain a denial of service vulnerability caused by

CVE-2026-1567 HIGH
7.1 Mar 03

Infosphere Information Server versions up to 11.7.1.6 is affected by improper restriction of xml external entity referen

CVE-2024-22351 MEDIUM
6.3 Apr 23

IBM InfoSphere Information 11.7 Server does not invalidate session after logout which could allow an authenticated user

CVE-2024-43186 MEDIUM
5.3 Mar 29

IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that is stored

CVE-2025-36034 MEDIUM
5.3 Jun 26

IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses sensitive user information in

CVE-2025-12832 MEDIUM
4.6 Dec 08

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This ma

CVE-2024-7577 MEDIUM
4.4 Mar 29

IBM InfoSphere Information Server 11.7 could disclose sensitive user credentials from log files during new installation

CVE-2024-51477 MEDIUM
4.3 Mar 29

IBM InfoSphere Information Server 11.7 could allow an authenticated to obtain sensitive username information due to an o

CVE-2025-25045 MEDIUM
4.3 Apr 23

IBM InfoSphere Information 11.7 Server authenticated user to obtain sensitive information when a detailed technical erro

CVE-2025-3629 MEDIUM
4.3 Jun 21

CVE-2025-3629 is a security vulnerability (CVSS 4.3) that allows an authenticated user. Remediation should follow standa

Share

CVE-2025-1499 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy