CVE-2025-36258PATCHED

ibm · infosphere_information_server

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 product stores user credentials and other sensitive information in plain text which can be read by a local user.

Description

Affected Products

Vendor	Product	Versions
ibm	infosphere_information_server	<= 11.7.1.6, 11.7.1.0, 11.7.1.6 Service pack 2

References

https://www.ibm.com/support/pages/node/7266489(Vendor Advisory)

Related News (1 articles)

Tier D

Heise Security6d ago

IBM InfoSphere Information Server speichert Passwörter unverschlüsselt

→ No new info (linked only)

CVSS 3.17.1 HIGH

VectorCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

CISA KEV❌ No

Actively exploited❌ No

Patch available

11.7.1.6

CWECWE-256

PublishedMar 25, 2026

Last enriched5d agov3

Trending Score13

Source articles1

Independent1

Info Completeness9/14

Missing: epss, kev, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHPRE-CVE

Multiple Vulnerabilities in IBM Security Verify Access Allowing Privilege Escalation, Code Execution, and Data Exposure

Trending: 27

HIGHCVE-2025-13855

IBM Storage Protect Server is affected by a vulnerability that could allow authenticated users to access administrative metadata through the JSON-RPC endpoint .

Trending: 26

NONECVE-2026-29063

Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1.5, Prototype Pollution is possible in immutable via the mergeDeep(), mergeDeepWith(), merge(),

Trending: 18

MEDIUMCVE-2025-14807

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct

Trending: 10

MEDIUMCVE-2025-13490

IBM App Connect Operator versions CD 11.3.0 through 11.6.0 and 12.1.0 through 12.20.0, LTS versions 12.0.0 through 12.0.20, and IBM App Connect Enterprise Certified Containers Operands versions CD 12.

Trending: 1

Pin to Dashboard

Verification

State: verified

Confidence: 100%

Vulnerability Timeline

CVE Published

Mar 25, 2026

Exploit Available

Mar 26, 2026

Patch Available

Mar 26, 2026

Discovered by ZDM

Mar 26, 2026

Updated: affectedVersions

Mar 27, 2026

Updated: exploitAvailable

Mar 27, 2026

Version History

Last enriched 5d ago

v3Tier D5d ago

Updated exploit availability to true and confirmed no active exploitation.

exploitAvailable

via Heise Security

v2Tier D5d ago

Updated affected versions to include 11.7.1.0 and 11.7.1.6 Service pack 2, changed severity to CRITICAL, and marked the vulnerability as actively exploited.

affectedVersions

via Heise Security

v15d ago

Initial creation