{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-36034", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2025-04-15T21:16:09.684Z", "datePublished": "2025-06-26T15:14:10.478Z", "dateUpdated": "2025-06-26T15:23:43.304Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "product": "InfoSphere Information Server", "vendor": "IBM", "versions": [{"status": "affected", "version": "11.7"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses sensitive user information in API requests in clear text that could be intercepted using man in the middle techniques."}], "value": "IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses sensitive user information in API requests in clear text that could be intercepted using man in the middle techniques."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-319", "description": "CWE-319 Cleartext Transmission of Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-06-26T15:14:10.478Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.ibm.com/support/pages/node/7237604"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "InfoSphere Information Server, InfoSphere Information Server on Cloud 11.7.0.0 to 11.7.1.6 DT439751 --Apply InfoSphere Information Server version 11.7.1.0 <br>--Apply InfoSphere Information Server version 11.7.1.6<br><br>--Apply InfoSphere DataStage Flow Designer security patch<br>"}], "value": "InfoSphere Information Server, InfoSphere Information Server on Cloud 11.7.0.0 to 11.7.1.6 DT439751 --Apply InfoSphere Information Server version 11.7.1.0 \n--Apply InfoSphere Information Server version 11.7.1.6\n\n--Apply InfoSphere DataStage Flow Designer security patch"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM InfoSphere DataStage Flow Designer information disclosure", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-26T15:23:29.279197Z", "id": "CVE-2025-36034", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-26T15:23:43.304Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-36034", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-26T15:23:29.279197Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-26T15:23:38.512Z"}}], "cna": {"title": "IBM InfoSphere DataStage Flow Designer information disclosure", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*"], "vendor": "IBM", "product": "InfoSphere Information Server", "versions": [{"status": "affected", "version": "11.7"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "InfoSphere Information Server, InfoSphere Information Server on Cloud 11.7.0.0 to 11.7.1.6 DT439751 --Apply InfoSphere Information Server version 11.7.1.0 \n--Apply InfoSphere Information Server version 11.7.1.6\n\n--Apply InfoSphere DataStage Flow Designer security patch", "supportingMedia": [{"type": "text/html", "value": "InfoSphere Information Server, InfoSphere Information Server on Cloud 11.7.0.0 to 11.7.1.6 DT439751 --Apply InfoSphere Information Server version 11.7.1.0 <br>--Apply InfoSphere Information Server version 11.7.1.6<br><br>--Apply InfoSphere DataStage Flow Designer security patch<br>", "base64": false}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7237604", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses sensitive user information in API requests in clear text that could be intercepted using man in the middle techniques.", "supportingMedia": [{"type": "text/html", "value": "IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses sensitive user information in API requests in clear text that could be intercepted using man in the middle techniques.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-319", "description": "CWE-319 Cleartext Transmission of Sensitive Information"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-06-26T15:14:10.478Z"}}}, "cveMetadata": {"cveId": "CVE-2025-36034", "state": "PUBLISHED", "dateUpdated": "2025-06-26T15:23:43.304Z", "dateReserved": "2025-04-15T21:16:09.684Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2025-06-26T15:14:10.478Z", "assignerShortName": "ibm"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses sensitive user information in API requests in clear text that could be intercepted using man in the middle techniques."}], "id": "CVE-2025-36034", "lastModified": "2025-06-26T18:57:43.670", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Primary"}]}, "published": "2025-06-26T16:15:28.567", "references": [{"source": "psirt@us.ibm.com", "url": "https://www.ibm.com/support/pages/node/7237604"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-319"}], "source": "psirt@us.ibm.com", "type": "Primary"}]}

{}