{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2483", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2026-02-13T18:50:48.603Z", "datePublished": "2026-03-25T20:39:42.261Z", "dateUpdated": "2026-03-25T20:39:42.261Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2026-03-25T20:39:42.261Z"}, "title": "IBM InfoSphere Information Server Cross-Site Scripting", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-79", "description": "CWE-79 Improper neutralization of input during web page generation ('cross-site scripting')", "type": "CWE"}]}], "affected": [{"vendor": "IBM", "product": "InfoSphere Information Server", "versions": [{"status": "affected", "version": "11.7.0.0", "lessThanOrEqual": "11.7.1.6", "versionType": "semver"}], "cpes": ["cpe:2.3:a:ibm:infosphere_information_server:11.7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:infosphere_information_server:11.7.1.6:*:*:*:*:*:*:*"]}], "descriptions": [{"lang": "en", "value": "IBM InfoSphere Information Server\u00a011.7.0.0 through\u00a011.7.1.6\u00a0is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p><span>IBM InfoSphere Information Server&nbsp;</span><span>11.7.0.0 through&nbsp;11.7.1.6</span><span>&nbsp;is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session</span></p>"}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7266764", "tags": ["vendor-advisory", "patch"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 5.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}}], "solutions": [{"lang": "en", "value": "ProductVersion(s)APARRemediationIBM InfoSphere Information Server11.7.0.0 to 11.7.1.6 DT462239 https://www.ibm.com/mysupport/s/defect/aCIgJ000000AAUL/dt462239 --Apply IBM InfoSphere Information Server version\u00a0 11.7.1.0 https://www.ibm.com/support/pages/node/878310 \u00a0\n--Apply IBM InfoSphere Information Server version\u00a0 11.7.1.6 https://www.ibm.com/support/pages/node/7182872 \n\n--Apply IBM InfoSphere Information Server\u00a0 11.7.1.6 Service pack 2 https://www.ibm.com/support/pages/node/7260779", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<table><tbody><tr><td>Product</td><td>Version(s)</td><td>APAR</td><td>Remediation</td></tr><tr><td>IBM InfoSphere Information Server</td><td>11.7.0.0 to 11.7.1.6</td><td><a title=\"DT462239\" href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ000000AAUL/dt462239\" rel=\"nofollow\">DT462239</a></td><td>--Apply IBM InfoSphere Information Server version&nbsp;<a href=\"https://www.ibm.com/support/pages/node/878310\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">11.7.1.0</a>&nbsp;<br>--Apply IBM InfoSphere Information Server version&nbsp;<a href=\"https://www.ibm.com/support/pages/node/7182872\" rel=\"nofollow\">11.7.1.6</a><br><br>--Apply IBM InfoSphere Information Server&nbsp;<a href=\"https://www.ibm.com/support/pages/node/7260779\" rel=\"nofollow\">11.7.1.6 Service pack 2</a></td></tr></tbody></table>"}]}], "x_generator": {"engine": "ibm-cvegen"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "IBM InfoSphere Information Server\u00a011.7.0.0 through\u00a011.7.1.6\u00a0is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session"}], "id": "CVE-2026-2483", "lastModified": "2026-03-25T21:16:40.883", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "psirt@us.ibm.com", "type": "Primary"}]}, "published": "2026-03-25T21:16:40.883", "references": [{"source": "psirt@us.ibm.com", "url": "https://www.ibm.com/support/pages/node/7266764"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "psirt@us.ibm.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-03-25T21:21:50.234987+00:00", "value": {"mitigation_remediation": ["Apply IBM InfoSphere Information Server 11.7.1.6 Service Pack 2 (link: https://www.ibm.com/support/pages/node/7260779)", "Apply IBM InfoSphere Information Server 11.7.1.6 (link: https://www.ibm.com/support/pages/node/7182872)", "Apply IBM InfoSphere Information Server 11.7.1.0 (link: https://www.ibm.com/support/pages/node/878310)", "Apply IBM InfoSphere Information Server 11.7.0.0 to 11.7.1.6 Remediation APAR DT462239 (link: https://www.ibm.com/mysupport/s/defect/aCIgJ000000AAUL/dt462239)"], "summary": {"action": "Immediate Patch", "impact": "Cross\u2011Site Scripting with potential credential disclosure"}, "threat_synthesis": {"affected_systems": "IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6 are affected. The vulnerability exists in all builds of these releases and impacts any environment that exposes the server\u2019s web interface to users or administrators.", "description_and_impact": "This vulnerability allows attackers to embed arbitrary JavaScript code into the Web UI of IBM InfoSphere Information Server. By doing so, malicious code can be executed in the context of the victim\u2019s browser, potentially altering the user interface, stealing session information, and disclosing user credentials while the user is logged in. The weakness is a classic Cross\u2011Site Scripting flaw, corresponding to CWE\u201179.", "risk_and_exploitability": "The CVSS score of 5.4 indicates a moderate risk. Exploitation is likely achievable remotely via the web interface, and the vulnerability can be leveraged by authenticated users within a trusted session. EPSS information is not available, and the CVE is not listed in the CISA KEV catalog. While no zero\u2011day exploit is currently reported, the ability to inject JavaScript makes this a noteworthy threat that could be abused once discovered or through social engineering."}}}}, "created": "2026-03-25T21:46:00.830896+00:00", "updated": "2026-03-25T21:46:00.830936+00:00", "vendors": []}