{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1262", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2026-01-20T20:49:49.334Z", "datePublished": "2026-03-25T20:19:24.018Z", "dateUpdated": "2026-03-26T16:11:47.558Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2026-03-25T20:19:24.018Z"}, "title": "IBM InfoSphere Information Server Information Disclosure", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-209", "description": "CWE-209 Generation of Error Message Containing Sensitive Information", "type": "CWE"}]}], "affected": [{"vendor": "IBM", "product": "InfoSphere Information Server", "versions": [{"status": "affected", "version": "11.7.0.0", "lessThanOrEqual": "11.7.1.6", "versionType": "semver"}], "cpes": ["cpe:2.3:a:ibm:infosphere_information_server:11.7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:infosphere_information_server:11.7.1.6:*:*:*:*:*:*:*"]}], "descriptions": [{"lang": "en", "value": "IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability.</p>"}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7266748", "tags": ["vendor-advisory", "patch"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}}], "solutions": [{"lang": "en", "value": "Remediation/Fixes Product Version(s) APAR Remediation IBM InfoSphere Information Server 11.7.0.0 to 11.7.1.6 DT458255 DT459618 --Apply IBM InfoSphere Information Server version 11.7.1.0 --Apply IBM InfoSphere Information Server version 11.7.1.6 --Apply IBM InfoSphere Information Server 11.7.1.6 Service pack 2", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Remediation/Fixes Product Version(s) APAR Remediation IBM InfoSphere Information Server 11.7.0.0 to 11.7.1.6 DT458255 DT459618 --Apply IBM InfoSphere Information Server version 11.7.1.0 --Apply IBM InfoSphere Information Server version 11.7.1.6 --Apply IBM InfoSphere Information Server 11.7.1.6 Service pack 2</p>"}]}], "x_generator": {"engine": "ibm-cvegen"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-26T16:11:18.580299Z", "id": "CVE-2026-1262", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T16:11:47.558Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-1262", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-26T16:11:18.580299Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T16:11:43.805Z"}}], "cna": {"title": "IBM InfoSphere Information Server Information Disclosure", "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:ibm:infosphere_information_server:11.7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:infosphere_information_server:11.7.1.6:*:*:*:*:*:*:*"], "vendor": "IBM", "product": "InfoSphere Information Server", "versions": [{"status": "affected", "version": "11.7.0.0", "versionType": "semver", "lessThanOrEqual": "11.7.1.6"}]}], "solutions": [{"lang": "en", "value": "Remediation/Fixes Product Version(s) APAR Remediation IBM InfoSphere Information Server 11.7.0.0 to 11.7.1.6 DT458255 DT459618 --Apply IBM InfoSphere Information Server version 11.7.1.0 --Apply IBM InfoSphere Information Server version 11.7.1.6 --Apply IBM InfoSphere Information Server 11.7.1.6 Service pack 2", "supportingMedia": [{"type": "text/html", "value": "<p>Remediation/Fixes Product Version(s) APAR Remediation IBM InfoSphere Information Server 11.7.0.0 to 11.7.1.6 DT458255 DT459618 --Apply IBM InfoSphere Information Server version 11.7.1.0 --Apply IBM InfoSphere Information Server version 11.7.1.6 --Apply IBM InfoSphere Information Server 11.7.1.6 Service pack 2</p>", "base64": false}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7266748", "tags": ["vendor-advisory", "patch"]}], "x_generator": {"engine": "ibm-cvegen"}, "descriptions": [{"lang": "en", "value": "IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability.", "supportingMedia": [{"type": "text/html", "value": "<p>IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-209", "description": "CWE-209 Generation of Error Message Containing Sensitive Information"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2026-03-25T20:19:24.018Z"}}}, "cveMetadata": {"cveId": "CVE-2026-1262", "state": "PUBLISHED", "dateUpdated": "2026-03-26T16:11:47.558Z", "dateReserved": "2026-01-20T20:49:49.334Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2026-03-25T20:19:24.018Z", "assignerShortName": "ibm"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "65FBF88B-61F0-4D42-A290-453FDC874D7F", "versionEndIncluding": "11.7.1.6", "versionStartIncluding": "11.7.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false}, {"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability."}, {"lang": "es", "value": "IBM InfoSphere Information Server 11.7.0.0 hasta 11.7.1.6 est\u00e1 afectado por una vulnerabilidad de revelaci\u00f3n de informaci\u00f3n."}], "id": "CVE-2026-1262", "lastModified": "2026-03-26T18:14:26.737", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Primary"}]}, "published": "2026-03-25T21:16:28.493", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7266748"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-209"}], "source": "psirt@us.ibm.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[11.7.0.0,11.7.1.6]"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "InfoSphere Information Server", "source": "cna", "vendor": "IBM"}, "product": "infosphere_information_server", "vendor": "ibm"}], "analysis": {"en": {"generated_at": "2026-03-25T21:26:07.719572+00:00", "value": {"mitigation_remediation": ["Apply IBM InfoSphere Information Server version 11.7.1.0 or 11.7.1.6, including Service Pack 2, as specified by the vendor remediation.", "Ensure the APARs DT458255 and DT459618 are applied.", "Verify the software version after the update to confirm the fix is in place.", "If an update cannot be applied immediately, restrict network access to the vulnerable components and monitor for abnormal activity."], "summary": {"action": "Apply Patch", "impact": "Information disclosure"}, "threat_synthesis": {"affected_systems": "Affected systems span IBM InfoSphere Information Server deployments from version 11.7.0.0 up to 11.7.1.6. Administrators of environments running these releases should review their installation configuration and plan to update.", "description_and_impact": "IBMs InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6 contain a flaw that can expose sensitive data to unauthorized parties. The information disclosure arises from how the system handles configuration or log information, resulting in a partial loss of confidentiality. The weakness is classified as CWE-209.", "risk_and_exploitability": "The CVSS score of 4.3 indicates moderate severity; the lack of EPSS data means exploitation probability is unclear, and the vulnerability is not listed in the CISA KEV catalog. Attackers would need to exploit the disclosed flaw, potentially through unauthorized access to the server or via network interfaces, to read the exposed information. Immediate patching reduces the risk of data leakage."}}}}, "created": "2026-03-25T21:46:12.333713+00:00", "updated": "2026-03-26T11:31:46.124250+00:00", "vendors": ["ibm", "ibm$PRODUCT$infosphere_information_server"]}