CVE-2025-36422— IBM InfoSphere Information Server is vulnerable to cross-site request forgery
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-36422
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
IBM InfoSphere Information Server is vulnerable to cross-site request forgery
Source: NVD (National Vulnerability Database)
Vulnerability Description
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 IBM InfoSphere DataStage Flow Designer is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
跨站请求伪造(CSRF)
Source: NVD (National Vulnerability Database)
Vulnerability Title
IBM InfoSphere DataStage Flow Designer 跨站请求伪造漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
IBM InfoSphere DataStage Flow Designer是美国国际商业机器(IBM)公司的一个基于 Web 的数据阶段流程设计器。 IBM InfoSphere DataStage Flow Designer 11.7.1.6及之前版本存在跨站请求伪造漏洞,该漏洞源于容易受到跨站请求伪造攻击,可能导致攻击者执行恶意和未经授权的操作。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| IBM | InfoSphere Information Server | 11.7.0.0 ~ 11.7.1.6 | cpe:2.3:a:ibm:infosphere_information_server:11.7.0.0:*:*:*:*:*:*:* |
II. Public POCs for CVE-2025-36422
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-36422
Please Login to view more intelligence information
Same Patch Batch · IBM · 2026-03-25 · 25 CVEs total
| CVE-2025-36258 | 7.1 HIGH | IBM InfoSphere Information Server is vulnerable due to plaintext storage of a password |
| CVE-2025-14917 | 6.7 MEDIUM | IBM WebSphere Application Server Liberty could provide weaker than expected security |
| CVE-2025-14790 | 6.5 MEDIUM | IBM InfoSphere Information Server is vulnerable to disclosure of sensitive information |
| CVE-2025-14807 | 6.5 MEDIUM | IBM InfoSphere Information Server is vulnerable to HTTP header injection |
| CVE-2025-14915 | 6.5 MEDIUM | IBM WebSphere Application Server Liberty is affected by a privilege escalation vulnerabili |
| CVE-2026-1014 | 6.5 MEDIUM | IBM InfoSphere Information Server is vulnerable due to disclosure of sensitive information |
| CVE-2025-14810 | 6.3 MEDIUM | IBM InfoSphere Information Server is vulnerable due to insufficient session expiration |
| CVE-2025-64646 | 6.2 MEDIUM | Multiple Vulnerabilities in IBM Concert Software |
| CVE-2025-12708 | 6.2 MEDIUM | Multiple Vulnerabilities in IBM Concert Software |
| CVE-2025-64647 | 5.9 MEDIUM | Multiple Vulnerabilities in IBM Concert Software |
| CVE-2025-64648 | 5.9 MEDIUM | Multiple Vulnerabilities in IBM Concert Software |
| CVE-2025-14974 | 5.7 MEDIUM | IBM InfoSphere Information Server is vulnerable due to Insecure Direct Object Reference |
| CVE-2026-1015 | 5.4 MEDIUM | IBM InfoSphere Information Server is vulnerable to server-side request forgery |
| CVE-2026-2483 | 5.4 MEDIUM | IBM InfoSphere Information Server Cross-Site Scripting |
| CVE-2025-14912 | 5.4 MEDIUM | IBM InfoSphere Information Server is vulnerable to server-side request forgery |
| CVE-2026-1561 | 5.4 MEDIUM | IBM WebSphere Application Server Liberty Server-Side Request Forgery |
| CVE-2025-36438 | 5.1 MEDIUM | Multiple Vulnerabilities in IBM Concert Software |
| CVE-2025-36440 | 5.1 MEDIUM | Multiple Vulnerabilities in IBM Concert Software |
| CVE-2026-2485 | 4.8 MEDIUM | IBM InfoSphere Information Server Cross-Site Scripting |
| CVE-2025-36187 | 4.4 MEDIUM | Multiple Security vulnerabilities affecting IBM Knowledge Catalog Standard Cartridge |
Showing top 20 of 25 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: InfoSphere Information Server
- CVE-2025-14807
IBM InfoSphere Information Server is vulnerable to HTTP head - CVE-2026-1015
IBM InfoSphere Information Server is vulnerable to server-si - CVE-2026-1014
IBM InfoSphere Information Server is vulnerable due to discl - CVE-2026-2483
IBM InfoSphere Information Server Cross-Site Scripting - CVE-2026-2484
IBM InfoSphere Information Server Information Disclosure
Same vendor: IBM
- CVE-2026-1577
IBM® Db2® is vulnerable to a denial of service with a specia - CVE-2025-36122
IBM® Db2® is vulnerable to a denial of service with a specia - CVE-2025-14688
IBM® Db2® is vulnerable to a denial of service when fetching - CVE-2026-2311
IBM i is affected by a privilege escalation vulnerability in - CVE-2025-36180
Inadequate Pod Communication Restrictions, affects watsonx.d
Same weakness: CWE-352
- CVE-2026-42286
Emlog: Cross-Site Request Forgery in Admin Functions - CVE-2026-42190
RedwoodSDK: Same-site CSRF in in server actions - CVE-2026-5791
CSRF in DivvyDrive Information Technologies' DivvyDrive - CVE-2026-27415
WordPress BEAR plugin <= 1.1.5 - Cross Site Request Forgery - CVE-2025-68604
WordPress WPGraphQL plugin <= 2.5.3 - Cross Site Request For
V. Comments for CVE-2025-36422
No comments yet