
Multiple IBM Products Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2025-36140 CVSS:6.5

IBM watsonx.data 2.2 through 2.2.1 could allow an authenticated user to cause a denial of service through ingestion pods due to improper allocation of resources without limits.

CVE-2025-12635 CVSS:5.4

IBM WebSphere Application Server 8.5 and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.12 are vulnerable to cross-site scripting due to improper validation of user-supplied input. An attacker could exploit this vulnerability by using a specially crafted URL to redirect a user to a malicious site.

CVE-2025-64650 CVSS:6.5

IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.18 could disclose sensitive user credentials in log files.

CVE-2025-12832 CVSS:4.6

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

CVE-2025-36017 CVSS:6.5

IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 store unencrypted sensitive information in environment variable files, which an authenticated user could obtain.

CVE-2025-36102 CVSS:2.7

IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 could allow a privileged user to bypass validation, passing user input into the application as trusted data, due to client-side enforcement of server-side security.

CVE-2025-33111 CVSS:4.3

IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 are vulnerable to creation of temporary files without atomic operations, which may expose sensitive information to an authenticated user through a race condition.
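The weakness class behind that entry (CWE-377, a non-atomic temporary-file create) is easier to reason about with the vulnerable pattern next to the atomic one. The block below is an added illustration written for this page, not IBM code and not the Controller defect itself; the directory, file names and the "attacker plants a symlink" scenario are all constructed for the demo.

```python
"""Added example (not IBM code): the non-atomic temporary-file pattern behind
CWE-377 race conditions, beside the atomic alternative. All paths and names
here are constructed for the demo."""
import os
import stat
import tempfile


def predictable_temp_path(directory: str) -> str:
    # Names derived from pid/timestamp are guessable by a local attacker.
    return os.path.join(directory, f"report-{os.getpid()}.tmp")


def insecure_temp_write(directory: str, data: bytes) -> str:
    """Vulnerable: check-then-create is two separate syscalls (TOCTOU window)."""
    path = predictable_temp_path(directory)
    if not os.path.exists(path):        # follows symlinks; a dangling link looks "absent"
        with open(path, "wb") as f:     # O_CREAT without O_EXCL follows the planted link
            f.write(data)
    return path


def atomic_temp_write(directory: str, data: bytes) -> str:
    """Hardened: mkstemp creates with O_CREAT|O_EXCL and mode 0600 in one
    syscall, under an unpredictable name, so a pre-planted link is never followed."""
    fd, path = tempfile.mkstemp(prefix="report-", suffix=".tmp", dir=directory)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return path


def exclusive_create(path: str, data: bytes) -> None:
    """Same idea when the name must stay fixed: O_EXCL refuses any existing
    directory entry, a symlink included, instead of following it."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(data)


def is_world_readable(path: str) -> bool:
    return bool(os.stat(path).st_mode & (stat.S_IRGRP | stat.S_IROTH))


def run_demo() -> dict:
    """Plays attacker and victim in one process (constructed scenario)."""
    workdir = tempfile.mkdtemp(prefix="cwe377-")
    attacker_target = os.path.join(workdir, "attacker_chosen_file")
    # Attacker wins the race: plants a dangling symlink at the name the victim will use.
    os.symlink(attacker_target, predictable_temp_path(workdir))

    # Victim uses the vulnerable pattern: the data lands in the attacker's file.
    insecure_temp_write(workdir, b"sensitive report")
    leaked = False
    if os.path.exists(attacker_target):
        with open(attacker_target, "rb") as f:
            leaked = f.read() == b"sensitive report"

    # The same planted name opened with O_EXCL is refused rather than followed.
    try:
        exclusive_create(predictable_temp_path(workdir), b"sensitive report")
        exclusive_refused = False
    except FileExistsError:
        exclusive_refused = True

    # mkstemp: unpredictable name, owner-only permissions regardless of umask.
    safe_path = atomic_temp_write(workdir, b"sensitive report")
    return {
        "leaked_via_symlink": leaked,
        "o_excl_refused_planted_link": exclusive_refused,
        "mkstemp_world_readable": is_world_readable(safe_path),
        "mkstemp_is_symlink": os.path.islink(safe_path),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The demo needs a filesystem that honours symlinks and POSIX modes (Linux or macOS). The point to take away when reviewing an application for this class of bug: look for a `stat`/`exists` check followed by a separate `open`, a temp name built from pid or time, and `open` calls that lack `O_EXCL`; any one of them is the window the advisory describes.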

CVE-2025-36015 CVSS:6.5

IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 could allow an authenticated user to cause a denial of service due to improper validation of a specified quantity size input.

Impact

  • Denial of Service
  • Gain Access
  • Security Bypass
  • Cross-Site Scripting
  • Information Disclosure

Indicators of Compromise

CVE

  • CVE-2025-36140
  • CVE-2025-12635
  • CVE-2025-64650
  • CVE-2025-12832
  • CVE-2025-36017
  • CVE-2025-36102
  • CVE-2025-33111
  • CVE-2025-36015

Affected Vendors

  • IBM

Affected Products

  • IBM watsonx.data 2.2
  • IBM watsonx.data 2.2.1
  • IBM WebSphere Application Server 8.5
  • IBM WebSphere Application Server 9.0
  • IBM WebSphere Application Server Liberty 17.0.0.3
  • IBM WebSphere Application Server Liberty 25.0.0.12
  • IBM Storage Defender - Resiliency Service 2.0.0
  • IBM Storage Defender - Resiliency Service 2.0.18
  • IBM InfoSphere Information Server 11.7.0.0
  • IBM InfoSphere Information Server 11.7.1.6
  • IBM Controller 11.1.0
  • IBM Controller 11.1.1
  • IBM Cognos Controller 11.0.0
  • IBM Cognos Controller 11.0.1 FP6
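The list above gives the endpoints of each affected range; what an operator actually needs is a yes/no per installed build. The following checker is an added example for this page, not IBM's tooling: it transcribes the "x through y" ranges from the summaries, parses IBM-style version strings (`25.0.0.12`, `11.0.1 FP6`), and reports which of the eight CVEs apply to each host. The inventory rows and hostnames are constructed, and the inclusive, stream-level reading of the ranges is an assumption stated in the code.

```python
"""Added example (not IBM's tooling): flag installed IBM versions against the
affected ranges listed in this advisory. The inventory below is constructed;
version strings follow IBM's "11.0.1 FP6" / "25.0.0.12" conventions."""
import re
from typing import Dict, List, Tuple

CONTROLLER_CVES = ["CVE-2025-36017", "CVE-2025-36102", "CVE-2025-33111", "CVE-2025-36015"]

# product -> [(cve, first affected, last affected)], transcribed from the summaries above.
# A single release such as "8.5" is written as the range ("8.5", "8.5") and matches
# every fix pack in that stream.
ADVISORY: Dict[str, List[Tuple[str, str, str]]] = {
    "IBM watsonx.data": [("CVE-2025-36140", "2.2", "2.2.1")],
    "IBM WebSphere Application Server": [("CVE-2025-12635", "8.5", "8.5"),
                                         ("CVE-2025-12635", "9.0", "9.0")],
    "IBM WebSphere Application Server Liberty": [("CVE-2025-12635", "17.0.0.3", "25.0.0.12")],
    "IBM Storage Defender - Resiliency Service": [("CVE-2025-64650", "2.0.0", "2.0.18")],
    "IBM InfoSphere Information Server": [("CVE-2025-12832", "11.7.0.0", "11.7.1.6")],
    "IBM Controller": [(c, "11.1.0", "11.1.1") for c in CONTROLLER_CVES],
    "IBM Cognos Controller": [(c, "11.0.0", "11.0.1 FP6") for c in CONTROLLER_CVES],
}


def parse_version(text: str) -> Tuple[int, ...]:
    """'11.0.1 FP6' -> (11, 0, 1, 6); '25.0.0.12' -> (25, 0, 0, 12).
    Assumption: a fix-pack suffix orders after the base version, so FP6 < FP7."""
    return tuple(int(n) for n in re.findall(r"\d+", text))


def in_range(installed: str, low: str, high: str) -> bool:
    """Inclusive range check. The installed version is compared only as deeply as
    each bound specifies, so '9.0.5.20' falls inside ('9.0', '9.0') and
    '11.1.1 FP2' inside ('11.1.0', '11.1.1'). Assumption: this conservative
    reading of an IBM 'x through y' range, which names release streams rather
    than individual builds, is the right one for triage."""
    iv, lo, hi = parse_version(installed), parse_version(low), parse_version(high)
    width = max(len(lo), len(hi))
    iv = iv + (0,) * (width - len(iv))
    return iv[: len(lo)] >= lo and iv[: len(hi)] <= hi


def affected_cves(product: str, installed: str) -> List[str]:
    """CVEs from this advisory that apply to one installed product version."""
    hits = {cve for cve, lo, hi in ADVISORY.get(product, []) if in_range(installed, lo, hi)}
    return sorted(hits)


def scan(inventory: List[Tuple[str, str, str]]) -> Dict[str, List[str]]:
    """inventory rows are (host, product, version); returns host -> CVEs to chase."""
    report: Dict[str, List[str]] = {}
    for host, product, version in inventory:
        cves = affected_cves(product, version)
        if cves:
            report[host] = cves
    return report


# Constructed sample inventory (hostnames and versions are made up for the demo).
SAMPLE_INVENTORY = [
    ("was-prod-01", "IBM WebSphere Application Server", "9.0.5.20"),
    ("liberty-edge", "IBM WebSphere Application Server Liberty", "24.0.0.1"),
    ("liberty-old", "IBM WebSphere Application Server Liberty", "17.0.0.2"),
    ("cognos-fin", "IBM Cognos Controller", "11.0.1 FP6"),
    ("cognos-fin-2", "IBM Cognos Controller", "11.0.1 FP7"),
    ("iis-etl", "IBM InfoSphere Information Server", "11.7.1.7"),
    ("wxd-lake", "IBM watsonx.data", "2.2.1"),
]

if __name__ == "__main__":
    for host, cves in scan(SAMPLE_INVENTORY).items():
        print(f"{host}: {', '.join(cves)}")
```

Two caveats when using something like this for real triage: a version just past the listed upper bound (`11.0.1 FP7`, `25.0.0.13`) is reported as clean only because the advisory text stops there, so confirm against the vendor bulletin that the fix actually shipped in that build; and product naming in CMDBs rarely matches IBM's exactly, so normalise names before feeding rows to `scan`.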

Remediation

Refer to the IBM security advisory for each CVE listed below for patch, upgrade, or suggested workaround information.

CVE-2025-36140

CVE-2025-12635

CVE-2025-64650

CVE-2025-12832

CVE-2025-36017

CVE-2025-36102

CVE-2025-33111

CVE-2025-36015