{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-36034", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2025-04-15T21:16:09.684Z", "datePublished": "2025-06-26T15:14:10.478Z", "dateUpdated": "2025-08-26T14:51:14.232Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "product": "InfoSphere Information Server", "vendor": "IBM", "versions": [{"status": "affected", "version": "11.7"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses sensitive user information in API requests in clear text that could be intercepted using man in the middle techniques."}], "value": "IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses sensitive user information in API requests in clear text that could be intercepted using man in the middle techniques."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-319", "description": "CWE-319 Cleartext Transmission of Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-08-26T14:51:14.232Z"}, "references": [{"tags": ["vendor-advisory", "patch"], "url": "https://www.ibm.com/support/pages/node/7237604"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "InfoSphere Information Server, InfoSphere Information Server on Cloud 11.7.0.0 to 11.7.1.6 DT439751 --Apply InfoSphere Information Server version 11.7.1.0 <br>--Apply InfoSphere Information Server version 11.7.1.6<br><br>--Apply InfoSphere DataStage Flow Designer security patch<br>"}], "value": "InfoSphere Information Server, InfoSphere Information Server on Cloud 11.7.0.0 to 11.7.1.6 DT439751 --Apply InfoSphere Information Server version 11.7.1.0 \n--Apply InfoSphere Information Server version 11.7.1.6\n\n--Apply InfoSphere DataStage Flow Designer security patch"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM InfoSphere DataStage Flow Designer information disclosure", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-26T15:23:29.279197Z", "id": "CVE-2025-36034", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-26T15:23:43.304Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-36034", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-26T15:23:29.279197Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-26T15:23:38.512Z"}}], "cna": {"title": "IBM InfoSphere DataStage Flow Designer information disclosure", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*"], "vendor": "IBM", "product": "InfoSphere Information Server", "versions": [{"status": "affected", "version": "11.7"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "InfoSphere Information Server, InfoSphere Information Server on Cloud 11.7.0.0 to 11.7.1.6 DT439751 --Apply InfoSphere Information Server version 11.7.1.0 \n--Apply InfoSphere Information Server version 11.7.1.6\n\n--Apply InfoSphere DataStage Flow Designer security patch", "supportingMedia": [{"type": "text/html", "value": "InfoSphere Information Server, InfoSphere Information Server on Cloud 11.7.0.0 to 11.7.1.6 DT439751 --Apply InfoSphere Information Server version 11.7.1.0 <br>--Apply InfoSphere Information Server version 11.7.1.6<br><br>--Apply InfoSphere DataStage Flow Designer security patch<br>", "base64": false}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7237604", "tags": ["vendor-advisory", "patch"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses sensitive user information in API requests in clear text that could be intercepted using man in the middle techniques.", "supportingMedia": [{"type": "text/html", "value": "IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses sensitive user information in API requests in clear text that could be intercepted using man in the middle techniques.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-319", "description": "CWE-319 Cleartext Transmission of Sensitive Information"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-08-26T14:51:14.232Z"}}}, "cveMetadata": {"cveId": "CVE-2025-36034", "state": "PUBLISHED", "dateUpdated": "2025-08-26T14:51:14.232Z", "dateReserved": "2025-04-15T21:16:09.684Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2025-06-26T15:14:10.478Z", "assignerShortName": "ibm"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*", "matchCriteriaId": "4CED2F00-89E3-4BA9-A8FB-D43B308A59A8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses sensitive user information in API requests in clear text that could be intercepted using man in the middle techniques."}, {"lang": "es", "value": "IBM InfoSphere DataStage Flow Designer en IBM InfoSphere Information Server 11.7 revela informaci\u00f3n confidencial del usuario en solicitudes API en texto claro que podr\u00eda ser interceptada mediante t\u00e9cnicas de intermediario."}], "id": "CVE-2025-36034", "lastModified": "2025-08-14T20:57:36.537", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-06-26T16:15:28.567", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7237604"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-319"}], "source": "psirt@us.ibm.com", "type": "Primary"}]}

{}