
Multiple IBM Products Vulnerabilities

Severity

High

Analysis Summary

CVE-2025-3629 CVSS:4.3

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an authenticated user to delete another user's comments due to improper ownership management.

CVE-2025-3221 CVSS:7.5

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow a remote attacker to cause a denial of service due to insufficient validation of incoming request resources.

CVE-2025-36016 CVSS:6.8

IBM Process Mining 2.0.1 IF001 and 2.0.1 could allow a remote attacker to conduct phishing attacks using an open redirect. By persuading a victim to visit a specially crafted website, a remote attacker could exploit this vulnerability to spoof the displayed URL and redirect the user to a malicious website that appears to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.

Impact

  • Denial of Service
  • Gain Access
  • Information Disclosure

Indicators of Compromise

CVE

  • CVE-2025-3629
  • CVE-2025-3221
  • CVE-2025-36016

Affected Vendors

  • IBM

Affected Products

  • IBM InfoSphere Information Server 11.7.0.0 - 11.7.1.6
  • IBM Process Mining 2.0.1 IF001 and 2.0.1

Remediation

Refer to the IBM Security Advisory for each CVE for patch, upgrade, or suggested workaround information.

CVE-2025-3629

CVE-2025-3221

CVE-2025-36016