Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Lifecycle Timeline
4DescriptionCVE.org
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
AnalysisAI
IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6 contain a server-side request forgery (SSRF) vulnerability that allows authenticated attackers to send unauthorized requests from the vulnerable system. This enables network enumeration, lateral movement, or facilitation of secondary attacks against internal or external resources. The vulnerability requires valid credentials to exploit but carries moderate real-world risk given the CVSS 5.4 score and the authenticated attack vector.
Technical ContextAI
The vulnerability is classified as CWE-918 (Server-Side Request Forgery), a design flaw where the application fails to properly validate or sanitize user-supplied input before making outbound HTTP/network requests on behalf of the server. IBM InfoSphere Information Server (affected CPE: cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:*:*:*:*) is a data integration and governance platform that processes, moves, and manages data across heterogeneous systems. The SSRF flaw likely exists in components responsible for data source connectivity, HTTP-based integrations, or remote resource access. An attacker with valid authentication credentials can manipulate request parameters to redirect the server into making connections to internal network services, cloud metadata endpoints, or external systems otherwise inaccessible from the attacker's perspective.
RemediationAI
Apply the security patch provided by IBM via their support portal at https://www.ibm.com/support/pages/node/7266698; upgrade to the earliest available patched version beyond 11.7.1.6. Until patching is feasible, implement network-level controls by restricting outbound traffic from InfoSphere servers to explicitly whitelisted internal and external destinations, and disable or restrict features that enable dynamic remote connections. Enforce strict authentication and logging on InfoSphere administrative interfaces to reduce insider risk and detect abuse. Deploy a Web Application Firewall (WAF) or reverse proxy in front of InfoSphere to inspect and block requests with suspicious URL patterns or parameters indicative of SSRF payloads (e.g., localhost, 127.0.0.1, 169.254.169.254, or internal IP ranges in request parameters).
Same weakness CWE-918 – Server-Side Request Forgery (SSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-209019
GHSA-7wgc-jm2p-f23w