CVE-2025-3221 PUBLISHED

IBM InfoSphere Information Server denial of service

Assigner: ibm
Reserved: 03.04.2025 Published: 21.06.2025 Updated: 21.06.2025

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow a remote attacker to cause a denial of service due to insufficient validation of incoming request resources.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS Score: 7.5

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	None
Privileges Required	None	Integrity Impact	None
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	IBM
Product	InfoSphere Information Server
Versions	Default: unaffected affected from 11.7.0.0 to 11.7.1.6 (incl.)

Solutions

InfoSphere Information Server, InfoSphere Information Server on Cloud 11.7.0.0 to 11.7.1.6 DT434984 --Apply InfoSphere Information Server version 11.7.1.0 --Apply InfoSphere Information Server version 11.7.1.6

--Apply Information Server Microservices tier security patch

References

https://www.ibm.com/support/pages/node/7235496

Problem Types

CWE-770 Allocation of Resources Without Limits or Throttling CWE