Analysis Summary

CVE-2025-25046 CVSS:3.7

IBM InfoSphere Information Server DataStage Flow Designer transmits sensitive information via URL or query parameters that could be exposed to an unauthorized actor using man-in-the-middle techniques.

CVE-2025-25045 CVSS:4.3

A vulnerability exists in IBM InfoSphere Information Server where an authenticated user can access sensitive details through detailed technical error messages. These error responses potentially expose information that could be leveraged for subsequent system attacks.

CVE-2024-22351 CVSS:6.3

IBM InfoSphere Information Server does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.

Impact

• Gain Access
• Information Disclosure

Indicators of Compromise

CVE

• CVE-2025-25045

• CVE-2025-25046

• CVE-2024-22351

Affected Vendors

Remediation

Refer to IBM Security Advisory for patch, upgrade, or suggested workaround information.

CVE-2025-25045

CVE-2025-25046

CVE-2024-22351