CVE-2025-36422

CWE-352 — Cross-Site Request Forgery (CSRF)CWE-2034 documents4 sources

Severity

4.3MEDIUM

EPSS

0.0%

top 97.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Infosphere Information Server

Timeline

PublishedMar 25

Description

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 IBM InfoSphere DataStage Flow Designer is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5ibm/infosphere_information_server11.7.0.0 — 11.7.1.6

▶NVDibm/infosphere_information_server11.7.0.0 — 11.7.1.6

🔴Vulnerability Details

CVEList

IBM InfoSphere Information Server is vulnerable to cross-site request forgery↗2026-03-25

▶

GHSA

GHSA-37g9-j66q-r8h2: IBM InfoSphere Information Server 11↗2026-03-25

▶

📋Vendor Advisories

Microsoft

An issue was discovered in Arm Mbed TLS before 2.23.0. A side channel allows recovery of an ECC private key, related to mbedtls_ecp_check_pub_priv, mbedtls_pk_parse_key, mbedtls_pk_parse_keyfile, mbed↗2021-07-13

▶