diff --git a/2025/1xxx/CVE-2025-1499.json b/2025/1xxx/CVE-2025-1499.json
index 6ce36618af9..a8d468fc445 100644
--- a/2025/1xxx/CVE-2025-1499.json
+++ b/2025/1xxx/CVE-2025-1499.json
@@ -1,17 +1,100 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-1499",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@us.ibm.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "IBM InfoSphere Information Server 11.7 stores credential information for database authentication in a cleartext parameter file that could be viewed by an authenticated user."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-312 Cleartext Storage of Sensitive Information",
+ "cweId": "CWE-312"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "IBM",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "InfoSphere Information Server",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "11.7"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.ibm.com/support/pages/node/7233154",
+ "refsource": "MISC",
+ "name": "https://www.ibm.com/support/pages/node/7233154"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "InfoSphere Information Server, InfoSphere Information Server on Cloud 11.7 DT423714
--Apply InfoSphere Information Server version 11.7.1.0
--Apply InfoSphere Information Server version 11.7.1.6
--Apply InfoSphere DataStage security patch
"
+ }
+ ],
+ "value": "InfoSphere Information Server, InfoSphere Information Server on Cloud 11.7 DT423714 \n --Apply InfoSphere Information Server version 11.7.1.0 \n--Apply InfoSphere Information Server version 11.7.1.6\n--Apply InfoSphere DataStage security patch"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "version": "3.1"
}
]
}
diff --git a/2025/25xxx/CVE-2025-25044.json b/2025/25xxx/CVE-2025-25044.json
index 865f4121815..454ddaab14f 100644
--- a/2025/25xxx/CVE-2025-25044.json
+++ b/2025/25xxx/CVE-2025-25044.json
@@ -1,17 +1,100 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-25044",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@us.ibm.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "IBM",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Planning Analytics Local",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2.0, 2.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.ibm.com/support/pages/node/7235182",
+ "refsource": "MISC",
+ "name": "https://www.ibm.com/support/pages/node/7235182"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "It is strongly recommended that you apply the most recent security updates:
IBM Planning Analytics Local - IBM Planning Analytics Workspace 2.1 IBM Planning Analytics Local 2.1.11 is now available for download from Fix Central
IBM Planning Analytics Local - IBM Planning Analytics Workspace 2.0 Download IBM Planning Analytics Local v2.0: Planning Analytics Workspace Release 104 from Fix Central
"
+ }
+ ],
+ "value": "It is strongly recommended that you apply the most recent security updates:\n\nIBM Planning Analytics Local - IBM Planning Analytics Workspace 2.1 IBM Planning Analytics Local 2.1.11 is now available for download from Fix Central\nIBM Planning Analytics Local - IBM Planning Analytics Workspace 2.0 Download IBM Planning Analytics Local v2.0: Planning Analytics Workspace Release 104 from Fix Central"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "version": "3.1"
}
]
}
diff --git a/2025/2xxx/CVE-2025-2896.json b/2025/2xxx/CVE-2025-2896.json
index 4cecda63bc3..a1085ee7c3b 100644
--- a/2025/2xxx/CVE-2025-2896.json
+++ b/2025/2xxx/CVE-2025-2896.json
@@ -1,17 +1,100 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-2896",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@us.ibm.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "IBM",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Planning Analytics Local",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2.0, 2.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.ibm.com/support/pages/node/7235182",
+ "refsource": "MISC",
+ "name": "https://www.ibm.com/support/pages/node/7235182"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "It is strongly recommended that you apply the most recent security updates:
IBM Planning Analytics Local - IBM Planning Analytics Workspace 2.1 IBM Planning Analytics Local 2.1.11 is now available for download from Fix Central
IBM Planning Analytics Local - IBM Planning Analytics Workspace 2.0 Download IBM Planning Analytics Local v2.0: Planning Analytics Workspace Release 104 from Fix Central
"
+ }
+ ],
+ "value": "It is strongly recommended that you apply the most recent security updates:\n\nIBM Planning Analytics Local - IBM Planning Analytics Workspace 2.1 IBM Planning Analytics Local 2.1.11 is now available for download from Fix Central\nIBM Planning Analytics Local - IBM Planning Analytics Workspace 2.0 Download IBM Planning Analytics Local v2.0: Planning Analytics Workspace Release 104 from Fix Central"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "HIGH",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "version": "3.1"
}
]
}
diff --git a/2025/33xxx/CVE-2025-33004.json b/2025/33xxx/CVE-2025-33004.json
index f5faa9efb1f..8fc6084e8fa 100644
--- a/2025/33xxx/CVE-2025-33004.json
+++ b/2025/33xxx/CVE-2025-33004.json
@@ -1,17 +1,100 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-33004",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@us.ibm.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "IBM Planning Analytics Local 2.0 and 2.1 could allow a privileged user to delete files from directories due to improper pathname restriction."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
+ "cweId": "CWE-22"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "IBM",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Planning Analytics Local",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2.0, 2.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.ibm.com/support/pages/node/7235182",
+ "refsource": "MISC",
+ "name": "https://www.ibm.com/support/pages/node/7235182"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "It is strongly recommended that you apply the most recent security updates:
IBM Planning Analytics Local - IBM Planning Analytics Workspace 2.1 IBM Planning Analytics Local 2.1.11 is now available for download from Fix Central
IBM Planning Analytics Local - IBM Planning Analytics Workspace 2.0 Download IBM Planning Analytics Local v2.0: Planning Analytics Workspace Release 104 from Fix Central
"
+ }
+ ],
+ "value": "It is strongly recommended that you apply the most recent security updates:\n\nIBM Planning Analytics Local - IBM Planning Analytics Workspace 2.1 IBM Planning Analytics Local 2.1.11 is now available for download from Fix Central\nIBM Planning Analytics Local - IBM Planning Analytics Workspace 2.0 Download IBM Planning Analytics Local v2.0: Planning Analytics Workspace Release 104 from Fix Central"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "HIGH",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
+ "version": "3.1"
}
]
}
diff --git a/2025/33xxx/CVE-2025-33005.json b/2025/33xxx/CVE-2025-33005.json
index 73ecd8af5d7..1eb46b92ac5 100644
--- a/2025/33xxx/CVE-2025-33005.json
+++ b/2025/33xxx/CVE-2025-33005.json
@@ -1,17 +1,100 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-33005",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@us.ibm.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "IBM Planning Analytics Local 2.0 and 2.1 does not invalidate session after a logout which could allow an authenticated user to impersonate another user on the system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-613 Insufficient Session Expiration",
+ "cweId": "CWE-613"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "IBM",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Planning Analytics Local",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2.0, 2.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.ibm.com/support/pages/node/7235182",
+ "refsource": "MISC",
+ "name": "https://www.ibm.com/support/pages/node/7235182"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "It is strongly recommended that you apply the most recent security updates:
IBM Planning Analytics Local - IBM Planning Analytics Workspace 2.1 IBM Planning Analytics Local 2.1.11 is now available for download from Fix Central
IBM Planning Analytics Local - IBM Planning Analytics Workspace 2.0 Download IBM Planning Analytics Local v2.0: Planning Analytics Workspace Release 104 from Fix Central
"
+ }
+ ],
+ "value": "It is strongly recommended that you apply the most recent security updates:\n\nIBM Planning Analytics Local - IBM Planning Analytics Workspace 2.1 IBM Planning Analytics Local 2.1.11 is now available for download from Fix Central\nIBM Planning Analytics Local - IBM Planning Analytics Workspace 2.0 Download IBM Planning Analytics Local v2.0: Planning Analytics Workspace Release 104 from Fix Central"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "version": "3.1"
}
]
}
diff --git a/2025/5xxx/CVE-2025-5435.json b/2025/5xxx/CVE-2025-5435.json
new file mode 100644
index 00000000000..74363bacb2f
--- /dev/null
+++ b/2025/5xxx/CVE-2025-5435.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-5435",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/5xxx/CVE-2025-5436.json b/2025/5xxx/CVE-2025-5436.json
new file mode 100644
index 00000000000..3b91b1710de
--- /dev/null
+++ b/2025/5xxx/CVE-2025-5436.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-5436",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/5xxx/CVE-2025-5437.json b/2025/5xxx/CVE-2025-5437.json
new file mode 100644
index 00000000000..b70d1f72e46
--- /dev/null
+++ b/2025/5xxx/CVE-2025-5437.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-5437",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file