CVE-2025-36422 PUBLISHED

IBM InfoSphere Information Server is vulnerable to cross-site request forgery

Assigner: ibm
Reserved: 15.04.2025 Published: 25.03.2026 Updated: 25.03.2026

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 IBM InfoSphere DataStage Flow Designer is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVSS Score: 4.3

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	None
Privileges Required	None	Integrity Impact	Low
User Interaction	Required	Availability Impact	None

CVSS 3.1

Product Status

Vendor	IBM
Product	InfoSphere Information Server
Versions	affected from 11.7.0.0 to 11.7.1.6 (incl.)

Solutions

ProductVersion(s)APARRemediationIBM InfoSphere Information Server11.7.0.0 to 11.7.1.6 DT454212 https://www.ibm.com/mysupport/s/defect/aCIgJ0000006kUn/dt454212 --Apply IBM InfoSphere Information Server version 11.7.1.0 https://www.ibm.com/support/pages/node/878310 --Apply IBM InfoSphere Information Server version 11.7.1.6 https://www.ibm.com/support/pages/node/7182872

--Apply IBM InfoSphere Information Server 11.7.1.6 Service pack 2 https://www.ibm.com/support/pages/node/7260779

References

https://www.ibm.com/support/pages/node/7266685

Problem Types

CWE-352 Cross-Site Request Forgery (CSRF) CWE