CVE-2026-1014 - Vulnerability Details

- IBM InfoSphere Information Server is vulnerable due to disclosure of sensitive information

Description

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to exposure of sensitive information via JSON server response manipulation.

Published: 2026-03-25

Score: 6.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability involves manipulating JSON server responses from IBM InfoSphere Information Server, allowing unauthorized parties to receive data that should remain confidential. This results in a breach of confidentiality, exposing sensitive information processed by the server. The flaw is categorized under CWE‑319, indicating insecure transmission of information.

Affected Systems

IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6 on IBM AIX, Linux, or Windows are affected. The issue manifests when the server exposes JSON responses to external clients, regardless of the underlying operating system.

Risk and Exploitability

The CVSS score of 6.5 reflects moderate severity, and the EPSS score of less than 1% indicates a low likelihood of widespread exploitation. The vulnerability is not listed in the CISA KEV catalog. Attack requires remote network access to the server’s JSON API; no privileged escalation is necessary, but an attacker who can craft requests may view sensitive data.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

IBM

InfoSphere Information Server

affected

Version	Status	Constraints
`11.7.0.0`	affected	≤ 11.7.1.6

Configuration 1 [-]

AND

cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:ibm:aix:-:::::::*
	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

No data.

Vendor Product Confidence Versions

Ibm

Infosphere Information Server

95%

Version	Status	Scheme	Platform
`[11.7.0.0,11.7.1.6]`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

Vendor Solution

ProductVersion(s)APARRemediationIBM InfoSphere Information Server11.7.0.0 to 11.7.1.6 DT462312 https://www.ibm.com/mysupport/s/defect/aCIgJ000000ACMT/dt462312 --Apply IBM InfoSphere Information Server version 11.7.1.0 https://www.ibm.com/support/pages/node/878310 --Apply IBM InfoSphere Information Server version 11.7.1.6 https://www.ibm.com/support/pages/node/7182872 --Apply IBM InfoSphere Information Server 11.7.1.6 Service pack 2 https://www.ibm.com/support/pages/node/7260779

OpenCVE Recommended Actions

Apply APAR DT462312 for IBM InfoSphere Information Server 11.7.0.0 to 11.7.1.6 – https://www.ibm.com/mysupport/s/defect/aCIgJ000000ACMT/dt462312
Apply IBM InfoSphere Information Server version 11.7.1.0 – https://www.ibm.com/support/pages/node/878310
Apply IBM InfoSphere Information Server version 11.7.1.6 – https://www.ibm.com/support/pages/node/7182872
Apply IBM InfoSphere Information Server 11.7.1.6 Service Pack 2 – https://www.ibm.com/support/pages/node/7260779

Generated by OpenCVE AI on March 26, 2026 at 19:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00014.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://www.ibm.com/support/pages/node/7266736

History

Thu, 26 Mar 2026 18:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Ibm aix Linux Linux linux Kernel Microsoft Microsoft windows
CPEs		cpe:2.3:a:ibm:infosphere_information_server:::::::: cpe:2.3:o:ibm:aix:-:::::::* cpe:2.3:o:linux:linux_kernel:-:::::::* cpe:2.3:o:microsoft:windows:-:::::::*
Vendors & Products		Ibm aix Linux Linux linux Kernel Microsoft Microsoft windows

Thu, 26 Mar 2026 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 25 Mar 2026 20:45:00 +0000

Type	Values Removed	Values Added
Description		IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to exposure of sensitive information via JSON server response manipulation.
Title		IBM InfoSphere Information Server is vulnerable due to disclosure of sensitive information
First Time appeared		Ibm Ibm infosphere Information Server
Weaknesses		CWE-319
CPEs		cpe:2.3:a:ibm:infosphere_information_server:11.7.0.0:::::::* cpe:2.3:a:ibm:infosphere_information_server:11.7.1.6:::::::*
Vendors & Products		Ibm Ibm infosphere Information Server
References		https://www.ibm.com/support/pages/node/7266736
Metrics		cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}`

Subscriptions

Ibm Aix Infosphere Information Server

Linux Linux Kernel

Microsoft Windows

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2026-03-25T20:40:53.397Z

Updated: 2026-03-26T17:51:16.775Z

Reserved: 2026-01-16T01:38:03.418Z

Link: CVE-2026-1014

Vulnrichment

Updated: 2026-03-26T17:49:09.242Z

NVD

Status : Analyzed

Published: 2026-03-25T21:16:28.123

Modified: 2026-03-26T18:16:38.210

Link: CVE-2026-1014

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-27T09:29:34Z

Weaknesses

CWE-319

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object