The vulnerability in IBM InfoSphere Information Server allows an attacker to obtain sensitive information because credentials are not adequately protected. This weakness can lead to a breach of confidentiality, potentially exposing user data, system configuration, or other protected information. The issue is classified as CWE‑522, which addresses the improper protection of credentials, and the official score indicates a medium risk level with a CVSS score of 6.5.

IBM’s InfoSphere Information Server versions from 11.7.0.0 through 11.7.1.6 are affected. The applicable patches are available for versions 11.7.1.0, 11.7.1.6, and the 11.7.1.6 Service Pack 2 update, which address the underlying credential protection flaw. The software runs on a variety of operating systems, including IBM AIX, Linux, and Windows, but the impact is confined to the InfoSphere product layers.

The CVSS score of 6.5 places this vulnerability in the medium severity range, and the EPSS score of less than 1 % indicates a low likelihood of exploitation in the current threat landscape. The vulnerability is not listed in the CISA KEV catalog. While the official description does not detail the attack vector, it is inferred that an attacker who can reach the InfoSphere environment—either through network access or local mechanisms—may be able to retrieve unprotected credential data. No additional prerequisites or exploitation conditions are disclosed in the provided information.