Impact
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an insecure direct object reference (IDOR) vulnerability. The weakness, classified as CWE-639 (Authorization Bypass Through User-Controlled Key), allows an attacker to reach resources or data that the application should not expose to them, which can lead to unauthorized disclosure or modification of that data. Exploitation bypasses the normal authorization checks and grants inappropriate access to protected objects.
Affected Systems
The vulnerability affects IBM InfoSphere Information Server releases 11.7.0.0 through 11.7.1.6. It is present regardless of the underlying operating system, as the product runs on platforms including AIX, Linux, and Windows. Users of these versions should assume the IDOR flaw is present and exploitable until the fix is applied.
Risk and Exploitability
The CVSS score of 5.7 indicates a moderate to high risk, while the EPSS probability is below 1%, suggesting a low likelihood of widespread exploitation at present. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog. The most likely attack vector is remote access through the web or API interface. Based on typical IDOR patterns, an attacker would likely need at least an authenticated account on the system or interface to leverage the flaw; this is an inference, not a confirmed detail of the advisory. Administrators should assess their exposure and apply the available patches promptly.
OpenCVE Enrichment