Description
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
Published: 2026-03-25
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Potential credential disclosure via XSS
Action: Apply Patch
AI Analysis

Impact

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to cross‑site scripting, allowing the injection of arbitrary JavaScript into the Web UI. This could alter intended functionality and lead to credential disclosure within a trusted session, posing a risk of unauthorized access to stored credentials. The weakness corresponds to CWE‑79.

Affected Systems

Affected vendor and product is IBM InfoSphere Information Server. Vulnerable versions range from 11.7.0.0 up to and including 11.7.1.6, and the software may be deployed on various operating systems such as AIX, Linux, and Windows as indicated by the common platform enumeration data.

Risk and Exploitability

The vulnerability has a CVSS base score of 5.4, indicating medium severity, and an EPSS score of less than 1%, suggesting a low likelihood of exploitation. It is not listed in the CISA KEV catalog. The attack vector is inferred to be the web UI, requiring an adversary to have access or to trick a user into loading malicious content, potentially during an authenticated session. Although the risk is moderate, the potential for credential theft warrants timely remediation.

Generated by OpenCVE AI on March 26, 2026 at 19:22 UTC.

Remediation

Vendor Solution

Product: IBM InfoSphere Information Server
Version(s): 11.7.0.0 to 11.7.1.6
APAR: DT462239 https://www.ibm.com/mysupport/s/defect/aCIgJ000000AAUL/dt462239
Remediation:
  • Apply IBM InfoSphere Information Server version 11.7.1.0: https://www.ibm.com/support/pages/node/878310
  • Apply IBM InfoSphere Information Server version 11.7.1.6: https://www.ibm.com/support/pages/node/7182872
  • Apply IBM InfoSphere Information Server 11.7.1.6 Service pack 2: https://www.ibm.com/support/pages/node/7260779


OpenCVE Recommended Actions

  • Apply the IBM InfoSphere Information Server patch by upgrading to version 11.7.1.6 or later, following the official remediation steps: apply the base update (11.7.1.0) and then the specific service pack (11.7.1.6 Service Pack 2).
  • Verify that the installation has correctly applied the update and that the Web UI no longer accepts arbitrarily injected script content.
  • Monitor the environment for suspicious web UI activity and review audit logs for evidence of XSS exploitation.

Generated by OpenCVE AI on March 26, 2026 at 19:22 UTC.

Advisories

No advisories yet.

History

Thu, 26 Mar 2026 18:15:00 +0000

Type Values Removed Values Added
First Time appeared:
  Ibm aix
  Linux
  Linux linux Kernel
  Microsoft
  Microsoft windows
CPEs:
  cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:*:*:*:*
  cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*
  cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
  cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products:
  Ibm aix
  Linux
  Linux linux Kernel
  Microsoft
  Microsoft windows
Metrics: ssvc
  {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 25 Mar 2026 20:45:00 +0000

Type Values Removed Values Added
Description:
  IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session
Title:
  IBM InfoSphere Information Server Cross-Site Scripting
First Time appeared:
  Ibm
  Ibm infosphere Information Server
Weaknesses:
  CWE-79
CPEs:
  cpe:2.3:a:ibm:infosphere_information_server:11.7.0.0:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:infosphere_information_server:11.7.1.6:*:*:*:*:*:*:*
Vendors & Products:
  Ibm
  Ibm infosphere Information Server
References:
Metrics: cvssV3_1
  {'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-03-26T17:51:16.907Z

Reserved: 2026-02-13T18:50:48.603Z

Link: CVE-2026-2483

Vulnrichment

Updated: 2026-03-26T17:49:16.295Z

NVD

Status: Analyzed

Published: 2026-03-25T21:16:40.883

Modified: 2026-03-26T18:14:17.953

Link: CVE-2026-2483

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-27T09:29:35Z

Weaknesses