Description
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
Published: 2026-03-25
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Server-side request forgery
Action: Apply Patch
AI Analysis

Impact

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server‑side request forgery (SSRF). An authenticated attacker could instruct the server to send HTTP requests to arbitrary internal hosts, enabling the disclosure of network topology or facilitating further exploitation. This flaw allows the attacker to obtain sensitive information and potentially pivot within the network.

Affected Systems

The vulnerability affects IBM InfoSphere Information Server product versions 11.7.0.0 to 11.7.1.6 on operating systems such as AIX, Linux, and Windows, as indicated by the CPE entries for those platforms.

Risk and Exploitability

The CVSS v3.1 score of 5.4 indicates medium severity, while the EPSS score of less than 1% suggests a low likelihood of exploitation. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. Exploitation would require an authenticated session with sufficient privileges to trigger the SSRF endpoint; once the flaw is leveraged, the attacker can access internal resources and enumerate the network.

Generated by OpenCVE AI on March 26, 2026 at 19:24 UTC.

Remediation

Vendor Solution

ProductVersion(s)APARRemediationIBM InfoSphere Information Server11.7.0.0 to 11.7.1.6 DT458451 https://www.ibm.com/mysupport/s/defect/aCIgJ0000008YUL/dt458451 --Apply IBM InfoSphere Information Server version  11.7.1.0 https://www.ibm.com/support/pages/node/878310   --Apply IBM InfoSphere Information Server version  11.7.1.6 https://www.ibm.com/support/pages/node/7182872 --Apply IBM InfoSphere Information Server  11.7.1.6 Service pack 2 https://www.ibm.com/support/pages/node/7260779

OpenCVE Recommended Actions

  • Apply the APAR remediation (DT458451) for IBM InfoSphere Information Server versions 11.7.0.0 to 11.7.1.6 (https://www.ibm.com/mysupport/s/defect/aCIgJ0000008YUL/dt458451)
  • Apply IBM InfoSphere Information Server version 11.7.1.0 patch (https://www.ibm.com/support/pages/node/878310)
  • Apply IBM InfoSphere Information Server version 11.7.1.6 patch (https://www.ibm.com/support/pages/node/7182872)
  • Apply IBM InfoSphere Information Server 11.7.1.6 Service Pack 2 (https://www.ibm.com/support/pages/node/7260779)

Generated by OpenCVE AI on March 26, 2026 at 19:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 26 Mar 2026 18:30:00 +0000

Type Values Removed Values Added
First Time appeared Ibm aix
Linux
Linux linux Kernel
Microsoft
Microsoft windows
CPEs cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Ibm aix
Linux
Linux linux Kernel
Microsoft
Microsoft windows

Thu, 26 Mar 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 25 Mar 2026 20:30:00 +0000

Type Values Removed Values Added
Description IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
Title IBM InfoSphere Information Server is vulnerable to server-side request forgery
First Time appeared Ibm
Ibm infosphere Information Server
Weaknesses CWE-918
CPEs cpe:2.3:a:ibm:infosphere_information_server:11.7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:infosphere_information_server:11.7.1.6:*:*:*:*:*:*:*
Vendors & Products Ibm
Ibm infosphere Information Server
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N'}

Subscriptions

Ibm Aix Infosphere Information Server
Linux Linux Kernel
Microsoft Windows
cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-03-26T16:12:08.749Z

Reserved: 2025-12-18T18:45:49.823Z

Link: CVE-2025-14912

cve-icon Vulnrichment

Updated: 2026-03-26T16:12:05.667Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-25T21:16:24.187

Modified: 2026-03-26T18:22:01.727

Link: CVE-2025-14912

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-27T09:29:48Z

Weaknesses