{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-36245", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2025-04-15T21:16:43.935Z", "datePublished": "2025-09-29T22:29:33.007Z", "dateUpdated": "2025-10-01T03:55:56.172Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:infosphere_information_server:11.7.1.6:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "product": "InfoSphere Information Server", "vendor": "IBM", "versions": [{"lessThanOrEqual": "11.7.1.6", "status": "affected", "version": "11.7.0.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">IBM InfoSphere 11.7.0.0 through 11.7.1.6 Information Server could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user supplied input.</span>"}], "value": "IBM InfoSphere 11.7.0.0 through 11.7.1.6 Information Server could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user supplied input."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-09-29T22:29:33.007Z"}, "references": [{"tags": ["vendor-advisory", "patch"], "url": "https://www.ibm.com/support/pages/node/7246170"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<table><tbody><tr><td>IBM InfoSphere Information Server</td><td>11.7.0.0 to 11.7.1.6</td><td><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ0000004dQz/dt449123\">DT449123</a></td><td>--Apply IBM InfoSphere Information Server version <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/878310\">11.7.1.0</a>&nbsp;<br>--Apply IBM InfoSphere Information Server version <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7182872\">11.7.1.6</a><br><br>--Apply IBM Information Server <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7245759\">11.7.1.6 Service pack 1</a></td></tr></tbody></table>\n\n<br>"}], "value": "IBM InfoSphere Information Server11.7.0.0 to 11.7.1.6 DT449123 https://www.ibm.com/mysupport/s/defect/aCIgJ0000004dQz/dt449123 --Apply IBM InfoSphere Information Server version 11.7.1.0 https://www.ibm.com/support/pages/node/878310 \u00a0\n--Apply IBM InfoSphere Information Server version 11.7.1.6 https://www.ibm.com/support/pages/node/7182872 \n\n--Apply IBM Information Server 11.7.1.6 Service pack 1 https://www.ibm.com/support/pages/node/7245759"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM InfoSphere Information Server command execution", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-30T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2025-36245"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-01T03:55:56.172Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-36245", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-09-30T14:33:58.279653Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-30T14:34:03.340Z"}}], "cna": {"title": "IBM InfoSphere Information Server command execution", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:infosphere_information_server:11.7.1.6:*:*:*:*:*:*:*"], "vendor": "IBM", "product": "InfoSphere Information Server", "versions": [{"status": "affected", "version": "11.7.0.0", "versionType": "semver", "lessThanOrEqual": "11.7.1.6"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "IBM InfoSphere Information Server11.7.0.0 to 11.7.1.6 DT449123 https://www.ibm.com/mysupport/s/defect/aCIgJ0000004dQz/dt449123 --Apply IBM InfoSphere Information Server version 11.7.1.0 https://www.ibm.com/support/pages/node/878310 \u00a0\n--Apply IBM InfoSphere Information Server version 11.7.1.6 https://www.ibm.com/support/pages/node/7182872 \n\n--Apply IBM Information Server 11.7.1.6 Service pack 1 https://www.ibm.com/support/pages/node/7245759", "supportingMedia": [{"type": "text/html", "value": "<table><tbody><tr><td>IBM InfoSphere Information Server</td><td>11.7.0.0 to 11.7.1.6</td><td><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ0000004dQz/dt449123\">DT449123</a></td><td>--Apply IBM InfoSphere Information Server version <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/878310\">11.7.1.0</a>&nbsp;<br>--Apply IBM InfoSphere Information Server version <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7182872\">11.7.1.6</a><br><br>--Apply IBM Information Server <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7245759\">11.7.1.6 Service pack 1</a></td></tr></tbody></table>\n\n<br>", "base64": false}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7246170", "tags": ["vendor-advisory", "patch"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "IBM InfoSphere 11.7.0.0 through 11.7.1.6 Information Server could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user supplied input.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">IBM InfoSphere 11.7.0.0 through 11.7.1.6 Information Server could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user supplied input.</span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-09-29T22:29:33.007Z"}}}, "cveMetadata": {"cveId": "CVE-2025-36245", "state": "PUBLISHED", "dateUpdated": "2025-09-30T14:34:07.612Z", "dateReserved": "2025-04-15T21:16:43.935Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2025-09-29T22:29:33.007Z", "assignerShortName": "ibm"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "989DFCAD-B96B-4FA5-AB43-D24352304233", "versionEndIncluding": "11.7.1.6", "versionStartIncluding": "11.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM InfoSphere 11.7.0.0 through 11.7.1.6 Information Server could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user supplied input."}], "id": "CVE-2025-36245", "lastModified": "2025-10-18T01:24:24.603", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Primary"}]}, "published": "2025-09-29T23:15:30.533", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7246170"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "psirt@us.ibm.com", "type": "Primary"}]}

{}