Refine your search
1 vulnerability found for infosphere_information_server by ibm
CVE-2025-36245 (GCVE-0-2025-36245)
Vulnerability from nvd
Published
2025-09-29 22:29
Modified
2025-10-01 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
IBM InfoSphere 11.7.0.0 through 11.7.1.6 Information Server could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user supplied input.
References
URL | Tags | ||||
---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | InfoSphere Information Server |
Version: 11.7.0.0 ≤ 11.7.1.6 cpe:2.3:a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:* cpe:2.3:a:ibm:infosphere_information_server:11.7.1.6:*:*:*:*:*:*:* |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-36245", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-09-30T00:00:00+00:00", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-10-01T03:55:56.172Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:infosphere_information_server:11.7.1.6:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "InfoSphere Information Server", "vendor": "IBM", "versions": [ { "lessThanOrEqual": "11.7.1.6", "status": "affected", "version": "11.7.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM InfoSphere 11.7.0.0 through 11.7.1.6 Information Server could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user supplied input.\u003c/span\u003e" } ], "value": "IBM InfoSphere 11.7.0.0 through 11.7.1.6 Information Server could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user supplied input." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-09-29T22:29:33.007Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory", "patch" ], "url": "https://www.ibm.com/support/pages/node/7246170" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eIBM InfoSphere Information Server\u003c/td\u003e\u003ctd\u003e11.7.0.0 to 11.7.1.6\u003c/td\u003e\u003ctd\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ0000004dQz/dt449123\"\u003eDT449123\u003c/a\u003e\u003c/td\u003e\u003ctd\u003e--Apply IBM InfoSphere Information Server version \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/878310\"\u003e11.7.1.0\u003c/a\u003e\u0026nbsp;\u003cbr\u003e--Apply IBM InfoSphere Information Server version \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7182872\"\u003e11.7.1.6\u003c/a\u003e\u003cbr\u003e\u003cbr\u003e--Apply IBM Information Server \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7245759\"\u003e11.7.1.6 Service pack 1\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\n\n\u003cbr\u003e" } ], "value": "IBM InfoSphere Information Server11.7.0.0 to 11.7.1.6 DT449123 https://www.ibm.com/mysupport/s/defect/aCIgJ0000004dQz/dt449123 --Apply IBM InfoSphere Information Server version 11.7.1.0 https://www.ibm.com/support/pages/node/878310 \u00a0\n--Apply IBM InfoSphere Information Server version 11.7.1.6 https://www.ibm.com/support/pages/node/7182872 \n\n--Apply IBM Information Server 11.7.1.6 Service pack 1 https://www.ibm.com/support/pages/node/7245759" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM InfoSphere Information Server command execution", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2025-36245", "datePublished": "2025-09-29T22:29:33.007Z", "dateReserved": "2025-04-15T21:16:43.935Z", "dateUpdated": "2025-10-01T03:55:56.172Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }