CVE-2025-3629 PUBLISHED

IBM InfoSphere Information Server file manipulation

Assigner: ibm
Reserved: 15.04.2025 Published: 21.06.2025 Updated: 21.06.2025

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6

could allow an authenticated user to delete another user's comments due to improper ownership management.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CVSS Score: 4.3

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	None
Privileges Required	Low	Integrity Impact	Low
User Interaction	None	Availability Impact	None

CVSS 3.1

Product Status

Vendor	IBM
Product	InfoSphere Information Server
Versions	Default: unaffected affected from 11.7.0.0 to 11.7.1.6 (incl.)

Solutions

InfoSphere Information Server, InfoSphere Information Server on Cloud 11.7.0.0 to 11.7.1.6 DT434984 --Apply InfoSphere Information Server version 11.7.1.0 --Apply InfoSphere Information Server version 11.7.1.6

--Apply Information Server Microservices tier security patch

References

https://www.ibm.com/support/pages/node/7235496

Problem Types

CWE-282 Improper Ownership Management CWE