CVE-2025-36034

Published: Jun 26, 2025Modified: Aug 14, 2025

5.9

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses sensitive user information in API requests in clear text that could be intercepted using man in the middle techniques.

Affected (1)

Products: Ibm: Infosphere Information Server

Ibm

1 product

Infosphere Information Server

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ibm Infosphere Information Server	Version 11.7

Related CWEs

CWE-319

Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References (1)

https://www.ibm.com/support/pages/node/7237604

Source: psirt@us.ibm.com

Vendor Advisory

Timeline

No history available yet.