CVE-2025-36258

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 product stores user credentials and other sensitive information in plain text which can be read by a local user.

CVSS v3 7.1 HIGH

7.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.5 / Impact : 4.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7266489	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:ibm:aix:-:::::::*
	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

History

26 Mar 2026, 18:18

Type	Values Removed	Values Added
CPE		cpe:2.3:o:microsoft:windows:-:::::::* cpe:2.3:o:ibm:aix:-:::::::* cpe:2.3:o:linux:linux_kernel:-:::::::* cpe:2.3:a:ibm:infosphere_information_server::::::::
References	~~() https://www.ibm.com/support/pages/node/7266489 -~~	() https://www.ibm.com/support/pages/node/7266489 - Vendor Advisory
First Time		Linux Microsoft Microsoft windows Ibm aix Ibm infosphere Information Server Ibm Linux linux Kernel
Summary		(es) El producto IBM InfoSphere Information Server 11.7.0.0 hasta 11.7.1.6 almacena credenciales de usuario y otra información sensible en texto plano que puede ser leída por un usuario local.

25 Mar 2026, 21:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-25 21:16

Updated : 2026-03-26 18:18

NVD link : CVE-2025-36258

Mitre link : CVE-2025-36258

CVE.ORG link : CVE-2025-36258

JSON object : View

Products Affected

microsoft

windows

linux

linux_kernel

ibm

infosphere_information_server
aix

CWE

CWE-256

Plaintext Storage of a Password

{"id": "CVE-2025-36258", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 2.5}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2026-03-25T21:16:24.917", "references": [{"url": "https://www.ibm.com/support/pages/node/7266489", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@us.ibm.com", "description": [{"lang": "en", "value": "CWE-256"}]}], "descriptions": [{"lang": "en", "value": "IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 product stores user credentials and other sensitive information in plain text which can be read by a local user."}, {"lang": "es", "value": "El producto IBM InfoSphere Information Server 11.7.0.0 hasta 11.7.1.6 almacena credenciales de usuario y otra informaci\u00f3n sensible en texto plano que puede ser le\u00edda por un usuario local."}], "lastModified": "2026-03-26T18:18:27.973", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "65FBF88B-61F0-4D42-A290-453FDC874D7F", "versionEndIncluding": "11.7.1.6", "versionStartIncluding": "11.7.0.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@us.ibm.com"}