Description
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information exposure vulnerability caused by overly verbose error messages
Published: 2026-03-25
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Apply Patch
AI Analysis

Impact

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information exposure vulnerability caused by overly verbose error messages. The weakness, classified as CWE‑209, allows an attacker to obtain sensitive system or configuration information that the correct application flow would not normally reveal, thereby potentially aiding further exploitation.

Affected Systems

The vulnerability impacts IBM InfoSphere Information Server for all released versions from 11.7.0.0 up to and including 11.7.1.6, including both base releases and the 11.7.1.6 Service Pack 2 update.

Risk and Exploitability

The CVSS score is 4.3, indicating low to moderate severity, while the EPSS score is below 1 % and the vulnerability is not listed in CISA's KEV catalog, reducing the likelihood of widespread exploitation. The likely attack vector is through exposed error responses from the server when invalid inputs or commands are issued, which can display sensitive information to an attacker. As such, the risk is primarily limited to information disclosure rather than active compromise.

Generated by OpenCVE AI on April 1, 2026 at 03:24 UTC.

Remediation

Vendor Solution

ProductVersion(s)APARRemediationIBM InfoSphere Information Server11.7.0.0 to 11.7.1.6 DT462239 https://www.ibm.com/mysupport/s/defect/aCIgJ000000AAUL/dt462239 --Apply IBM InfoSphere Information Server version  11.7.1.0 https://www.ibm.com/support/pages/node/878310   --Apply IBM InfoSphere Information Server version  11.7.1.6 https://www.ibm.com/support/pages/node/7182872 --Apply IBM InfoSphere Information Server  11.7.1.6 Service pack 2 https://www.ibm.com/support/pages/node/7260779

OpenCVE Recommended Actions

  • Apply IBM InfoSphere Information Server version 11.7.1.6 with Service Pack 2 (APAR DT462239).
  • Apply IBM InfoSphere Information Server version 11.7.1.6.
  • Apply IBM InfoSphere Information Server version 11.7.1.0.

Generated by OpenCVE AI on April 1, 2026 at 03:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 31 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:*:*:*:*

Thu, 26 Mar 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 25 Mar 2026 21:00:00 +0000

Type Values Removed Values Added
Description IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information exposure vulnerability caused by overly verbose error messages
Title IBM InfoSphere Information Server Cross-Site Scripting IBM InfoSphere Information Server Information Disclosure
Weaknesses CWE-79 CWE-209
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N'}

 cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}

Wed, 25 Mar 2026 20:45:00 +0000

Type Values Removed Values Added
Description IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session
Title IBM InfoSphere Information Server Cross-Site Scripting
First Time appeared Ibm
Ibm infosphere Information Server
Weaknesses CWE-79
CPEs cpe:2.3:a:ibm:infosphere_information_server:11.7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:infosphere_information_server:11.7.1.6:*:*:*:*:*:*:*
Vendors & Products Ibm
Ibm infosphere Information Server
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N'}

Subscriptions

Ibm Infosphere Information Server
cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-03-26T16:10:51.963Z

Reserved: 2026-02-13T19:50:43.069Z

Link: CVE-2026-2484

cve-icon Vulnrichment

Updated: 2026-03-26T16:10:40.143Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-25T21:16:41.100

Modified: 2026-03-31T19:01:10.060

Link: CVE-2026-2484

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-02T07:59:04Z

Weaknesses