Description
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability.
Published: 2026-03-25
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Apply Patch
AI Analysis

Impact

IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6 are affected by an information disclosure vulnerability that can expose configuration data and other sensitive information. The flaw is identified as CWE‑209, indicating improper handling of confidential data that may be inadvertently exposed to unauthorized users.

Affected Systems

IBM’s InfoSphere Information Server product, version 11.7.0.0 to 11.7.1.6, running on supported operating systems such as AIX, Linux, and Windows is vulnerable.

Risk and Exploitability

The CVSS score of 4.3 reflects moderate severity, while an EPSS score below 1% indicates a low likelihood of current exploitation. KEV does not list this vulnerability, suggesting no widespread active exploitation reports. Based on the description, it is inferred that an attacker would likely need local or privileged access to the affected system to obtain the disclosed information, as the vulnerability stems from improper access control within the application and no remote exploitation vector is detailed.

Generated by OpenCVE AI on March 26, 2026 at 20:26 UTC.

Remediation

Vendor Solution

Remediation/Fixes Product Version(s) APAR Remediation IBM InfoSphere Information Server 11.7.0.0 to 11.7.1.6 DT458255 DT459618 --Apply IBM InfoSphere Information Server version 11.7.1.0 --Apply IBM InfoSphere Information Server version 11.7.1.6 --Apply IBM InfoSphere Information Server 11.7.1.6 Service pack 2

OpenCVE Recommended Actions

  • Upgrade to IBM InfoSphere Information Server version 11.7.1.6 Service Pack 2
  • If the service pack cannot be applied, install APAR patches DT458255 and DT459618
  • Verify that the installed version is outside the 11.7.0.0–11.7.1.6 range

Generated by OpenCVE AI on March 26, 2026 at 20:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 26 Mar 2026 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Ibm aix
Linux
Linux linux Kernel
Microsoft
Microsoft windows
CPEs cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Ibm aix
Linux
Linux linux Kernel
Microsoft
Microsoft windows

Thu, 26 Mar 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 25 Mar 2026 20:30:00 +0000

Type Values Removed Values Added
Description IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability.
Title IBM InfoSphere Information Server Information Disclosure
First Time appeared Ibm
Ibm infosphere Information Server
Weaknesses CWE-209
CPEs cpe:2.3:a:ibm:infosphere_information_server:11.7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:infosphere_information_server:11.7.1.6:*:*:*:*:*:*:*
Vendors & Products Ibm
Ibm infosphere Information Server
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}

Subscriptions

Ibm Aix Infosphere Information Server
Linux Linux Kernel
Microsoft Windows
cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-03-26T16:11:47.558Z

Reserved: 2026-01-20T20:49:49.334Z

Link: CVE-2026-1262

cve-icon Vulnrichment

Updated: 2026-03-26T16:11:43.805Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-25T21:16:28.493

Modified: 2026-03-26T18:14:26.737

Link: CVE-2026-1262

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-27T09:29:46Z

Weaknesses