CVE-2025-14808 - Vulnerability Details

- IBM InfoSphere Information Server is vulnerable due to disclosure of sensitive information

Description

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the middle techniques.

Published: 2026-03-25

Score: 3.1 Low

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

IBM InfoSphere Information Server processes the query string of HTTP GET requests and, if it contains sensitive data, can expose that data to an attacker who controls a man‑in‑the‑middle position. The vulnerability allows the disclosure of confidential information, such as authentication tokens or other credentials, with no requirement for privileged access or code execution. The weakness corresponds to CWE‑598, Information Exposure Through Unencrypted Transmission.

Affected Systems

This issue affects IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6, including the service pack 2 for 11.7.1.6. System administrators managing these deployments on IBM AIX, Linux, or Windows should verify whether their installation is within the affected range.

Risk and Exploitability

The CVSS base score of 3.1 indicates a low severity, and the EPSS score of less than 1 % shows a very low probability of exploitation, which is further mitigated by the requirement that an attacker already has network visibility to perform a man‑in‑the‑middle capture. The vulnerability is not listed in the CISA KEV catalog. Although the risk is low, the exposure of sensitive data can still impact confidentiality for affected users.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

IBM

InfoSphere Information Server

affected

Version	Status	Constraints
`11.7.0.0`	affected	≤ 11.7.1.6

Configuration 1 [-]

AND

cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:ibm:aix:-:::::::*
	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

No data.

Vendor Product Confidence Versions

Ibm

Infosphere Information Server

95%

Version	Status	Scheme	Platform
`[11.7.0.0,11.7.1.6]`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

Vendor Solution

ProductVersion(s)APARRemediationIBM InfoSphere Information Server11.7.0.0 to 11.7.1.6 DT458475 https://www.ibm.com/mysupport/s/defect/aCIgJ0000008Z5R/dt458475 --Apply IBM InfoSphere Information Server version 11.7.1.0 https://www.ibm.com/support/pages/node/878310 --Apply IBM InfoSphere Information Server version 11.7.1.6 https://www.ibm.com/support/pages/node/7182872 --Apply IBM InfoSphere Information Server 11.7.1.6 Service pack 2 https://www.ibm.com/support/pages/node/7260779

OpenCVE Recommended Actions

Apply IBM InfoSphere Information Server version 11.7.1.0 update from IBM support.
Apply IBM InfoSphere Information Server version 11.7.1.6 update from IBM support.
Apply IBM InfoSphere Information Server 11.7.1.6 Service Pack 2 from IBM support.

Generated by OpenCVE AI on March 26, 2026 at 19:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00029.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://www.ibm.com/support/pages/node/7266695

History

Thu, 26 Mar 2026 18:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Ibm aix Linux Linux linux Kernel Microsoft Microsoft windows
CPEs		cpe:2.3:a:ibm:infosphere_information_server:::::::: cpe:2.3:o:ibm:aix:-:::::::* cpe:2.3:o:linux:linux_kernel:-:::::::* cpe:2.3:o:microsoft:windows:-:::::::*
Vendors & Products		Ibm aix Linux Linux linux Kernel Microsoft Microsoft windows

Thu, 26 Mar 2026 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 25 Mar 2026 20:30:00 +0000

Type	Values Removed	Values Added
Description		IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the middle techniques.
Title		IBM InfoSphere Information Server is vulnerable due to disclosure of sensitive information
First Time appeared		Ibm Ibm infosphere Information Server
Weaknesses		CWE-598
CPEs		cpe:2.3:a:ibm:infosphere_information_server:11.7.0.0:::::::* cpe:2.3:a:ibm:infosphere_information_server:11.7.1.6:::::::*
Vendors & Products		Ibm Ibm infosphere Information Server
References		https://www.ibm.com/support/pages/node/7266695
Metrics		cvssV3_1 `{'score': 3.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N'}`

Subscriptions

Ibm Aix Infosphere Information Server

Linux Linux Kernel

Microsoft Windows

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2026-03-25T20:09:38.639Z

Updated: 2026-03-26T17:51:17.692Z

Reserved: 2025-12-16T22:24:55.873Z

Link: CVE-2025-14808

Vulnrichment

Updated: 2026-03-26T17:49:59.280Z

NVD

Status : Analyzed

Published: 2026-03-25T21:16:23.813

Modified: 2026-03-26T18:23:13.530

Link: CVE-2025-14808

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-27T09:30:09Z

Weaknesses

CWE-598

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object