CVE-2025-1499

{"id": "CVE-2025-1499", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2025-06-01T12:15:24.230", "references": [{"url": "https://www.ibm.com/support/pages/node/7233154", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@us.ibm.com", "description": [{"lang": "en", "value": "CWE-312"}]}], "descriptions": [{"lang": "en", "value": "IBM InfoSphere Information Server 11.7 stores credential information for database authentication in a cleartext parameter file that could be viewed by an authenticated user."}, {"lang": "es", "value": "IBM InfoSphere Information Server 11.7 almacena informaci\u00f3n de credenciales para la autenticaci\u00f3n de la base de datos en un archivo de par\u00e1metros de texto sin formato que puede ser visto por un usuario autenticado."}], "lastModified": "2025-06-09T18:08:54.680", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4CED2F00-89E3-4BA9-A8FB-D43B308A59A8"}, {"criteria": "cpe:2.3:a:ibm:infosphere_information_server_on_cloud:11.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7BCD0E05-A8D1-4F6E-B88C-A48CCE006EDB"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}