Infosphere Information Server CVE-2025-3221

EUVD-2025-18811 HIGH
Allocation of Resources Without Limits or Throttling (CWE-770)
2025-06-21 psirt@us.ibm.com
7.5
CVSS 3.1 · NVD
Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

EUVD ID Assigned
Mar 15, 2026 - 21:35 euvd
EUVD-2025-18811
Analysis Generated
Mar 15, 2026 - 21:35 vuln.today
CVE Published
Jun 21, 2025 - 13:15 nvd
HIGH 7.5

Description (CVE.org)

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow a remote attacker to cause a denial of service due to insufficient validation of incoming request resources.

Analysis (AI)

IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6 contain a denial of service vulnerability caused by insufficient validation of incoming request resources (CWE-770: Allocation of Resources Without Limits or Throttling). A remote, unauthenticated attacker can exploit this over the network to exhaust server resources and cause service unavailability. The CVSS 7.5 score reflects high availability impact with no authentication required and low attack complexity.

Technical Context (AI)

The vulnerability resides in IBM InfoSphere Information Server's request handling mechanism, which fails to properly validate and limit resource allocation for incoming requests. CWE-770 (Allocation of Resources Without Limits or Throttling) indicates the root cause: the application allocates resources (memory, CPU, connections, or processing capacity) in response to user-controlled input without enforcing limits or rate throttling. This is a classic resource exhaustion attack vector in enterprise data integration platforms. The affected product is IBM InfoSphere Information Server, a data integration and governance tool that processes ETL workflows and metadata. The vulnerable component likely resides in the web services layer, API handler, or request dispatcher that fails to implement proper request validation, rate limiting, or resource quotas before processing begins.

Remediation (AI)

1. Upgrade: Upgrade IBM InfoSphere Information Server to version 11.7.1.7 or later (patch version to be confirmed in IBM security bulletin). Priority: Immediate.

2. Workaround (temporary): Implement network-level rate limiting and request throttling using a reverse proxy (e.g., NGINX, Apache) or Web Application Firewall (WAF) in front of InfoSphere servers to limit incoming request rates and resource consumption per source IP. Priority: High.

3. Workaround (temporary): Restrict network access to InfoSphere Information Server to trusted internal networks only; disable external/internet-facing access until patched. Priority: High.

4. Monitoring: Monitor InfoSphere server resource utilization (CPU, memory, connection count) for anomalous spikes; alert on sustained high resource consumption from single or distributed sources. Priority: Medium.

5. Vendor advisory: Consult IBM's security advisory and fix pack release notes for detailed patch deployment steps and any compatibility considerations. Link: https://www.ibm.com/support/pages/security-bulletin-infosphere-information-server-remote-denial-service-vulnerability
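The two temporary workarounds above (per-source rate limiting through a reverse proxy, and restricting access to trusted internal networks) can be expressed in a single NGINX front-end configuration. The following is an added example written for this page; it is not IBM's or vuln.today's configuration. The upstream address and port, the hostname, the certificate paths, the trusted network range, and the zone sizes and limits are all assumptions chosen for illustration and must be adapted to the deployment.

```nginx
# Added example (not from IBM or the vuln.today page): NGINX reverse proxy in front of
# InfoSphere Information Server that bounds per-client request rate, concurrent
# connections, request body size and slow-client timeouts before traffic reaches
# the application. Addresses, hostnames, paths and limits are assumed values.

# Weak configuration (what to avoid): everything is passed through with no limits,
# so the proxy adds nothing against unthrottled resource allocation (CWE-770).
# server {
#     listen 443 ssl;
#     location / { proxy_pass https://10.0.0.10:9443; }
# }

# Hardened configuration.
http {
    # Per-client-IP request rate: 10 requests/second, state kept in a 10 MB shared zone.
    limit_req_zone  $binary_remote_addr zone=iis_req:10m rate=10r/s;
    # Per-client-IP concurrent connection tracking.
    limit_conn_zone $binary_remote_addr zone=iis_conn:10m;

    upstream infosphere {
        server 10.0.0.10:9443;   # assumed InfoSphere services tier address
    }

    server {
        listen 443 ssl;
        server_name iis.example.internal;             # assumed hostname
        ssl_certificate     /etc/nginx/tls/iis.crt;   # assumed certificate paths
        ssl_certificate_key /etc/nginx/tls/iis.key;

        # Workaround 3: only trusted internal ranges may reach the server at all.
        allow 10.0.0.0/8;                             # assumed trusted range
        deny  all;

        # Cap what a single request may consume before it is forwarded.
        client_max_body_size  10m;
        client_body_timeout   10s;
        client_header_timeout 10s;
        send_timeout          30s;
        proxy_read_timeout    60s;

        location / {
            # Workaround 2: short bursts are tolerated; sustained excess is rejected
            # with 429 rather than queued, so the proxy does not hold connections open.
            limit_req         zone=iis_req burst=20 nodelay;
            limit_req_status  429;
            limit_conn        iis_conn 20;
            limit_conn_status 429;

            proxy_pass https://infosphere;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
}
```

The rejected requests are logged by NGINX with the configured 429 status, which gives the monitoring item above a concrete signal: a sustained stream of 429 responses attributed to one or a few source addresses is the anomaly to alert on. Rate limiting by source IP is only meaningful when the proxy sees the real client address, so this must sit at the network edge rather than behind another NAT or load balancer that collapses clients onto one address.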

CVE-2024-51459 HIGH
8.4 Mar 19

IBM InfoSphere Information Server 11.7 could allow a local user to execute privileged commands due to the improper handl

CVE-2025-0966 HIGH
7.6 Jun 25

CVE-2025-0966 is a SQL injection vulnerability in IBM InfoSphere Information Server 11.7 that allows authenticated remot

CVE-2026-1567 HIGH
7.1 Mar 03

Infosphere Information Server versions up to 11.7.1.6 is affected by improper restriction of xml external entity referen

CVE-2025-1499 MEDIUM
6.5 Jun 01

IBM InfoSphere Information Server 11.7 stores credential information for database authentication in a cleartext paramete

CVE-2024-22351 MEDIUM
6.3 Apr 23

IBM InfoSphere Information 11.7 Server does not invalidate session after logout which could allow an authenticated user

CVE-2024-43186 MEDIUM
5.3 Mar 29

IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that is stored

CVE-2025-36034 MEDIUM
5.3 Jun 26

IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses sensitive user information in

CVE-2025-12832 MEDIUM
4.6 Dec 08

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This ma

CVE-2024-7577 MEDIUM
4.4 Mar 29

IBM InfoSphere Information Server 11.7 could disclose sensitive user credentials from log files during new installation

CVE-2024-51477 MEDIUM
4.3 Mar 29

IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive username information due to an o

CVE-2025-25045 MEDIUM
4.3 Apr 23

IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information when a detailed technical erro

CVE-2025-3629 MEDIUM
4.3 Jun 21

CVE-2025-3629 is a security vulnerability (CVSS 4.3) that allows an authenticated user. Remediation should follow standa

CVE-2025-3221 vulnerability details – vuln.today