IBM InfoSphere DataStage Flow Designer Sensitive Information Disclosure Vulnerability

Vulnerability

A vulnerability exists in IBM InfoSphere DataStage Flow Designer within IBM InfoSphere Information Server 11.7, where sensitive user information is transmitted in clear text via API requests. This lack of encryption could allow interception of the data through man-in-the-middle attacks.

Impact

Exploitation of this vulnerability could lead to unauthorized interception of sensitive user information transmitted in API requests.

Remediation

Users can upgrade to InfoSphere Information Server versions 11.7.1.0 or 11.7.1.6. Additionally, an interim security patch for InfoSphere DataStage Flow Designer is available.

Added: Jun 26, 2025, 5:05 PM
Updated: Jun 26, 2025, 5:05 PM

Vulnerability Rating

Custom Algorithm

spread: 3.1
impact: 2.5
exploitability: 6.0
remediation: 7.7
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.