Infosphere Information Server: EUVD-2025-25801 | CVE-2025-36034 MEDIUM
Cleartext Transmission of Sensitive Information (CWE-319)
2025-06-26 psirt@us.ibm.com
5.3 (CVSS 3.1 · NVD)
Severity by source

NVD (primary): 5.3 MEDIUM, AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None

Lifecycle Timeline

EUVD ID Assigned: Mar 15, 2026 - 23:54 (euvd), EUVD-2025-25801
Analysis Generated: Mar 15, 2026 - 23:54 (vuln.today)
CVE Published: Jun 26, 2025 - 16:15 (nvd), MEDIUM 5.3

Description (CVE.org)

IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses sensitive user information in API requests in clear text that could be intercepted using man in the middle techniques.

Technical Context (AI)

This vulnerability is classified as Cleartext Transmission of Sensitive Information (CWE-319).

Remediation (AI)

Monitor vendor advisories for patches. Apply mitigations such as network segmentation, access restrictions, and monitoring.

CVE-2024-51459 HIGH
8.4 Mar 19

IBM InfoSphere Information Server 11.7 could allow a local user to execute privileged commands due to the improper handl

CVE-2025-0966 HIGH
7.6 Jun 25

CVE-2025-0966 is a SQL injection vulnerability in IBM InfoSphere Information Server 11.7 that allows authenticated remot

CVE-2025-3221 HIGH
7.5 Jun 21

IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6 contain a denial of service vulnerability caused by

CVE-2026-1567 HIGH
7.1 Mar 03

Infosphere Information Server versions up to 11.7.1.6 is affected by improper restriction of xml external entity referen

CVE-2025-1499 MEDIUM
6.5 Jun 01

IBM InfoSphere Information Server 11.7 stores credential information for database authentication in a cleartext paramete

CVE-2024-22351 MEDIUM
6.3 Apr 23

IBM InfoSphere Information 11.7 Server does not invalidate session after logout which could allow an authenticated user

CVE-2024-43186 MEDIUM
5.3 Mar 29

IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that is stored

CVE-2025-12832 MEDIUM
4.6 Dec 08

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This ma

CVE-2024-7577 MEDIUM
4.4 Mar 29

IBM InfoSphere Information Server 11.7 could disclose sensitive user credentials from log files during new installation

CVE-2024-51477 MEDIUM
4.3 Mar 29

IBM InfoSphere Information Server 11.7 could allow an authenticated to obtain sensitive username information due to an o

CVE-2025-25045 MEDIUM
4.3 Apr 23

IBM InfoSphere Information 11.7 Server authenticated user to obtain sensitive information when a detailed technical erro

CVE-2025-3629 MEDIUM
4.3 Jun 21

CVE-2025-3629 is a security vulnerability (CVSS 4.3) that allows an authenticated user. Remediation should follow standa
