Description
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to writing of sensitive Information in a log file.
Published: 2026-03-03
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Sensitive Data Exposure
Action: Patch
AI Analysis

Impact

IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6 incorrectly records sensitive information in system log files. This flaw can lead to unintended disclosure of confidential data if the logs are accessed by unauthorized users, increasing the risk of data compromise. The vulnerability is a classic example of a logging weakness that violates confidentiality requirements and is classified under CWE-532.

Affected Systems

The affected product is IBM InfoSphere Information Server, specifically versions 11.7.0.0 up to 11.7.1.6 inclusive. Users running any of these builds without the appropriate patch are at risk.

Risk and Exploitability

The CVSS base score of 4.3 indicates a medium severity assessment. EPSS is below 1%, suggesting that exploitation is unlikely, and the vulnerability is not listed in CISA's KEV catalog. The most probable attack vector would involve an attacker gaining access to the application logs, either through local system compromise or by accessing shared log storage. No remote execution or privilege escalation is indicated, so an attacker needs access to the logs, whether locally or through poorly protected log storage. Overall the risk is moderate but still actionable to prevent inadvertent data leakage.

Generated by OpenCVE AI on April 16, 2026 at 14:00 UTC.

Remediation

Vendor Solution

Product: IBM InfoSphere Information Server
Version(s): 11.7.0.0 to 11.7.1.6
APAR: DT457493
Remediation:
  • Apply IBM InfoSphere Information Server version 11.7.1.0
  • Apply IBM InfoSphere Information Server version 11.7.1.6
  • Apply IBM InfoSphere Information Server security patch


OpenCVE Recommended Actions

  • Upgrade to IBM InfoSphere Information Server version 11.7.1.0 or later, including 11.7.1.6, which contains the fix for the logging issue.
  • Apply the IBM security patch that delivers the APAR remediation for the affected versions.
  • If upgrading immediately is not possible, reconfigure log settings to redact or exclude sensitive data fields and implement strict log access controls to limit visibility to authorized personnel.

Advisories

No advisories yet.

History

Thu, 05 Mar 2026 03:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 04 Mar 2026 17:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:*:*:*:*

Tue, 03 Mar 2026 20:00:00 +0000

Type Values Removed Values Added
Description IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to writing of sensitive Information in a log file.
Title IBM InfoSphere Information Server is vulnerable due to sensitive information written to a log file
First Time appeared Ibm
Ibm infosphere Information Server
Weaknesses CWE-532
CPEs cpe:2.3:a:ibm:infosphere_information_server:11.7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:infosphere_information_server:11.7.1.6:*:*:*:*:*:*:*
Vendors & Products Ibm
Ibm infosphere Information Server
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-03-04T21:11:36.942Z

Reserved: 2026-01-20T21:26:58.818Z

Link: CVE-2026-1265

Vulnrichment

Updated: 2026-03-04T21:11:31.540Z

NVD

Status : Analyzed

Published: 2026-03-03T20:16:45.960

Modified: 2026-03-04T17:36:29.610

Link: CVE-2026-1265

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T14:00:19Z

Weaknesses