Description
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 product stores user credentials and other sensitive information in plain text which can be read by a local user.
Published: 2026-03-25
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Credential Exposure
Action: Apply Patch
AI Analysis

Impact

IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6 store user credentials in plain text. This allows any local user with access to the file system to read stored passwords and other sensitive data, potentially enabling credential theft and impersonation of privileged users. The weakness is plaintext storage of a password, identified as CWE-256.

Affected Systems

Affected systems are IBM InfoSphere Information Server versions 11.7.0.0 up to and including 11.7.1.6. The vulnerability is relevant to installations on AIX, Linux, and Windows, as indicated by the associated CPE (Common Platform Enumeration) strings.

Risk and Exploitability

The vulnerability has a CVSS v3.1 base score of 7.1 (High). The EPSS score is below 1%, suggesting a low probability of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is local access: a non-privileged user who can read the configuration files may obtain credential information. No remote exploitation path is disclosed, but the confidentiality of stored passwords is compromised for any local user.

Generated by OpenCVE AI on March 26, 2026 at 19:23 UTC.

Remediation

Vendor Solution

Product: IBM InfoSphere Information Server
Version(s): 11.7.0.0 to 11.7.1.6
APAR: DT461542 https://www.ibm.com/mysupport/s/defect/aCIgJ0000009sNl/dt461542
Remediation:

  • Apply IBM InfoSphere Information Server version 11.7.1.0 https://www.ibm.com/support/pages/node/878310
  • Apply IBM InfoSphere Information Server version 11.7.1.6 https://www.ibm.com/support/pages/node/7182872
  • Apply IBM InfoSphere Information Server 11.7.1.6 Service pack 2 https://www.ibm.com/support/pages/node/7260779


Vendor Workaround

Workarounds and Mitigations

On the Microservices tier, change the file permissions:

  • cd <INSTALL_PATH>/ugdockerfiles
  • chmod 0600 uginfo.rsp
  • chmod 0600 inventory.yaml


OpenCVE Recommended Actions

  • Apply the latest IBM InfoSphere Information Server patch: update to version 11.7.1.6 Service Pack 2 (or any newer release that includes the fix).
  • Alternatively, apply the APAR remediation DT461542 for versions 11.7.0.0 to 11.7.1.6.
  • If immediate patching is not possible, implement the workaround by restricting file permissions on the microservices tier: run 'cd <INSTALL_PATH>/ugdockerfiles', followed by 'chmod 0600 uginfo.rsp' and 'chmod 0600 inventory.yaml'.
  • Verify that no configuration files are world‑readable and limit file ownership to privileged users.
  • Regularly check IBM support for updated advisories and patch releases.
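
One way to check and apply the vendor workaround above, as an added example (not IBM or OpenCVE code): it reports which of the two named files still grant group or other access, applies chmod 0600, and re-verifies. It assumes GNU stat on a Linux host of the Microservices tier; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not vendor code). Assumes GNU coreutils stat on the Linux host
# of the Microservices tier; pass the real <INSTALL_PATH>/ugdockerfiles directory.
UG_FILES="uginfo.rsp inventory.yaml"   # the two files named in the vendor workaround

# Print "<mode> <owner> <path>" for every listed file that grants group or
# other access. Returns 0 when all present files are owner-only, 1 otherwise.
audit_ug_perms() {
    dir=$1
    loose=0
    for f in $UG_FILES; do
        p="$dir/$f"
        if [ -L "$p" ]; then
            # chmod would follow the link; flag it for manual review instead
            echo "symlink $p"; loose=1; continue
        fi
        if [ ! -f "$p" ]; then
            echo "missing: $p" >&2; continue
        fi
        mode=$(stat -c '%a' "$p")
        # Any bit in the group/other triplets means another local account has access
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "$mode $(stat -c '%U' "$p") $p"
            loose=1
        fi
    done
    return "$loose"
}

# Apply the workaround from the advisory (chmod 0600), then re-audit.
apply_ug_workaround() {
    dir=$1
    for f in $UG_FILES; do
        if [ -f "$dir/$f" ] && [ ! -L "$dir/$f" ]; then
            chmod 0600 "$dir/$f"
        fi
    done
    audit_ug_perms "$dir"
}

# Stand-alone use: ./check.sh <INSTALL_PATH>/ugdockerfiles
if [ "$#" -gt 0 ]; then
    audit_ug_perms "$1"
fi
```

A non-zero exit status from the audit means at least one file still needs attention, so the script can be wired into a scheduled compliance check until the patch is applied.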



Advisories

No advisories yet.

History

Thu, 26 Mar 2026 18:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Ibm aix; Linux; Linux linux Kernel; Microsoft; Microsoft windows
CPEs | | cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:*:*:*:*; cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*; cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*; cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products | | Ibm aix; Linux; Linux linux Kernel; Microsoft; Microsoft windows

Thu, 26 Mar 2026 18:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 25 Mar 2026 20:45:00 +0000

Type | Values Removed | Values Added
Description | | IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 product stores user credentials and other sensitive information in plain text which can be read by a local user.
Title | | IBM InfoSphere Information Server is vulnerable due to plaintext storage of a password
First Time appeared | | Ibm; Ibm infosphere Information Server
Weaknesses | | CWE-256
CPEs | | cpe:2.3:a:ibm:infosphere_information_server:11.7.0.0:*:*:*:*:*:*:*; cpe:2.3:a:ibm:infosphere_information_server:11.7.1.6:*:*:*:*:*:*:*
Vendors & Products | | Ibm; Ibm infosphere Information Server
References | |
Metrics | | cvssV3_1: {'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-03-26T17:51:17.281Z

Reserved: 2025-04-15T21:16:44.888Z

Link: CVE-2025-36258

Vulnrichment

Updated: 2026-03-26T17:49:37.684Z

NVD

Status: Analyzed

Published: 2026-03-25T21:16:24.917

Modified: 2026-03-26T18:18:27.973

Link: CVE-2025-36258

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-27T09:29:42Z

Weaknesses