{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-36258", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2025-04-15T21:16:44.888Z", "datePublished": "2026-03-25T20:25:21.329Z", "dateUpdated": "2026-03-25T20:25:21.329Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2026-03-25T20:25:21.329Z"}, "title": "IBM InfoSphere Information Server is vulnerable due to plaintext storage of a password", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-256", "description": "CWE-256 Plaintext Storage of a Password", "type": "CWE"}]}], "affected": [{"vendor": "IBM", "product": "InfoSphere Information Server", "versions": [{"status": "affected", "version": "11.7.0.0", "lessThanOrEqual": "11.7.1.6", "versionType": "semver"}], "cpes": ["cpe:2.3:a:ibm:infosphere_information_server:11.7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:infosphere_information_server:11.7.1.6:*:*:*:*:*:*:*"]}], "descriptions": [{"lang": "en", "value": "IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 product stores user credentials and other sensitive information in plain text which can be read by a local user.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 product stores user credentials and other sensitive information in plain text which can be read by a local user.</p>"}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7266489", "tags": ["vendor-advisory", "patch"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseSeverity": "HIGH", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"}}], "solutions": [{"lang": "en", "value": "ProductVersion(s)APARRemediationIBM InfoSphere Information Server11.7.0.0 to 11.7.1.6 DT461542 https://www.ibm.com/mysupport/s/defect/aCIgJ0000009sNl/dt461542 --Apply IBM InfoSphere Information Server version\u00a0 11.7.1.0 https://www.ibm.com/support/pages/node/878310 \u00a0\n--Apply IBM InfoSphere Information Server version\u00a0 11.7.1.6 https://www.ibm.com/support/pages/node/7182872 \n\n--Apply IBM InfoSphere Information Server\u00a0 11.7.1.6 Service pack 2 https://www.ibm.com/support/pages/node/7260779", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<div><br><table><tbody><tr><td>Product</td><td>Version(s)</td><td>APAR</td><td>Remediation</td></tr><tr><td>IBM InfoSphere Information Server</td><td>11.7.0.0 to 11.7.1.6</td><td><a title=\" DT461542\" href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ0000009sNl/dt461542\" rel=\"nofollow\">DT461542</a></td><td>--Apply IBM InfoSphere Information Server version&nbsp;<a href=\"https://www.ibm.com/support/pages/node/878310\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">11.7.1.0</a>&nbsp;<br>--Apply IBM InfoSphere Information Server version&nbsp;<a href=\"https://www.ibm.com/support/pages/node/7182872\" rel=\"nofollow\">11.7.1.6</a><br><br>--Apply IBM InfoSphere Information Server&nbsp;<a href=\"https://www.ibm.com/support/pages/node/7260779\" rel=\"nofollow\">11.7.1.6 Service pack 2</a></td></tr></tbody></table></div><p><br></p>"}]}], "x_generator": {"engine": "ibm-cvegen"}, "workarounds": [{"lang": "en", "value": "Workarounds and Mitigations On the Microservices tier, change the file permissions: - cd </INSTALL_PATH/ugdockerfiles> - chmod 0600 uginfo.rsp - chmod 0600 inventory.yaml", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Workarounds and Mitigations On the Microservices tier, change the file permissions: - cd &lt;/INSTALL_PATH/ugdockerfiles&gt; - chmod 0600 uginfo.rsp - chmod 0600 inventory.yaml</p>"}]}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 product stores user credentials and other sensitive information in plain text which can be read by a local user."}], "id": "CVE-2025-36258", "lastModified": "2026-03-25T21:16:24.917", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 4.0, "source": "psirt@us.ibm.com", "type": "Primary"}]}, "published": "2026-03-25T21:16:24.917", "references": [{"source": "psirt@us.ibm.com", "url": "https://www.ibm.com/support/pages/node/7266489"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-256"}], "source": "psirt@us.ibm.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-03-25T21:25:12.311610+00:00", "value": {"mitigation_remediation": ["Apply the IBM InfoSphere Information Server 11.7.1.0 patch or later to remove plaintext password storage", "Apply the IBM InfoSphere Information Server 11.7.1.6 patch or Service Pack\u00a02 to replace the affected component", "As a temporary workaround, modify the file permissions in the Microservices tier: run \"chmod 0600 uginfo.rsp\" and \"chmod 0600 inventory.yaml\" under </INSTALL_PATH/ugdockerfiles>", "Verify that no older unpatched versions remain in use and conduct regular audits of file permissions"], "summary": {"action": "Immediate Patch", "impact": "Local Information Disclosure"}, "threat_synthesis": {"affected_systems": "The vulnerability affects IBM\u202fInfoSphere\u202fInformation Server, specifically versions 11.7.0.0 up to and including 11.7.1.6. The vendor has issued remediation for these releases, with patches available for 11.7.1.0 and 11.7.1.6, as well as a Service Pack\u00a02 for 11.7.1.6.", "description_and_impact": "IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6 store user credentials and other sensitive data in plain text. This design flaw means that any local user on a system running the product can directly read the stored passwords. As a result, an attacker who gains local access can compromise the confidentiality of account credentials, potentially enabling further lateral movement or unauthorized system access. The weakness aligns with CWE\u2011256, Insecure Storage of Passwords.", "risk_and_exploitability": "The CVSS score of 7.1 indicates a high severity issue, and while the EPSS score is not supplied, the lack of listing in the CISA KEV catalog suggests no publicly known exploitation yet. The likely attack vector is local; an attacker needs to be able to execute code or read files on the host machine to read the plaintext credentials. Given that the data is stored without encryption, the exploitation path is straightforward for a local malicious user, resulting in significant confidentiality risk."}}}}, "created": "2026-03-25T21:46:09.209272+00:00", "updated": "2026-03-25T21:46:09.209353+00:00", "vendors": []}