Description
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
Published: 2026-03-25
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized internal network access
Action: Patch immediately
AI Analysis

Impact

IBM Inc.'s InfoSphere Information Server is affected by a server‑side request forgery vulnerability that allows an authenticated user to craft HTTP requests to internal resources. The flaw can expose information about the internal network or be leveraged to trigger further attacks. The weakness is categorized as CWE‑918 and does not directly grant code execution on the host, but it provides a gateway to undisclosed services.

Affected Systems

Affected versions are 11.7.0.0 through 11.7.1.6, inclusive. The product is available on AIX, Linux, and Windows platforms. The vulnerability impacts all installations of IBM InfoSphere Information Server in those versions and can affect any component that accepts user‑supplied URLs for network calls.

Risk and Exploitability

The CVSS v3.1 score of 5.4 indicates moderate severity. EPSS is below one percent, meaning the likelihood of exploitation is low at present. The vulnerability is not yet listed in the CISA KEV catalog. Exploitation requires valid credentials and the ability to submit URL parameters; once achieved, the attacker can force the server to access arbitrary endpoints inside the corporate network.

Generated by OpenCVE AI on March 26, 2026 at 19:22 UTC.

Remediation

Vendor Solution

ProductVersion(s)APARRemediationIBM InfoSphere Information Server11.7.0.0 to 11.7.1.6 DT462312 https://www.ibm.com/mysupport/s/defect/aCIgJ000000ACMT/dt462312 --Apply IBM InfoSphere Information Server version  11.7.1.0 https://www.ibm.com/support/pages/node/878310   --Apply IBM InfoSphere Information Server version  11.7.1.6 https://www.ibm.com/support/pages/node/7182872 --Apply IBM InfoSphere Information Server  11.7.1.6 Service pack 2 https://www.ibm.com/support/pages/node/7260779

OpenCVE Recommended Actions

  • Apply the latest IBM InfoSphere Information Server update – version 11.7.1.6 Service Pack 2 (https://www.ibm.com/support/pages/node/7260779).
  • If SP2 is not applicable, apply the 11.7.1.6 update (https://www.ibm.com/support/pages/node/7182872).
  • For earlier installations (11.7.0.0 to 11.7.1.5), apply the APAR remediation DT462312 (https://www.ibm.com/mysupport/s/defect/aCIgJ000000ACMT/dt462312).
  • Verify that the patched version is deployed by checking the server version string.
  • If a patch cannot be applied immediately, restrict outbound HTTP connections from the InfoSphere application or block the SSRF endpoints to prevent internal network requests.

Generated by OpenCVE AI on March 26, 2026 at 19:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 26 Mar 2026 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Ibm aix
Linux
Linux linux Kernel
Microsoft
Microsoft windows
CPEs cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Ibm aix
Linux
Linux linux Kernel
Microsoft
Microsoft windows
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 25 Mar 2026 21:15:00 +0000

Type Values Removed Values Added
Description IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
Title IBM InfoSphere Information Server Cross-Site Scripting IBM InfoSphere Information Server is vulnerable to server-side request forgery

Wed, 25 Mar 2026 21:00:00 +0000

Type Values Removed Values Added
Description IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
Title IBM InfoSphere Information Server Cross-Site Scripting
First Time appeared Ibm
Ibm infosphere Information Server
Weaknesses CWE-918
CPEs cpe:2.3:a:ibm:infosphere_information_server:11.7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:infosphere_information_server:11.7.1.6:*:*:*:*:*:*:*
Vendors & Products Ibm
Ibm infosphere Information Server
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N'}

Subscriptions

Ibm Aix Infosphere Information Server
Linux Linux Kernel
Microsoft Windows
cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-03-26T17:53:56.700Z

Reserved: 2026-01-16T01:50:30.480Z

Link: CVE-2026-1015

cve-icon Vulnrichment

Updated: 2026-03-26T17:53:53.704Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-25T21:16:28.307

Modified: 2026-03-26T18:14:41.903

Link: CVE-2026-1015

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-27T09:29:33Z

Weaknesses