
IBM CVE-2025-14912 | EUVD-2025-209019 | MEDIUM
Server-Side Request Forgery (SSRF) (CWE-918)
2026-03-25 | ibm | GHSA-7wgc-jm2p-f23w
CVSS 3.1 base score: 5.4

CVSS Vector (source: NVD)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: None

Lifecycle Timeline (4 events)

EUVD ID Assigned: Mar 25, 2026 - 20:32 (euvd), EUVD-2025-209019
Analysis Generated: Mar 25, 2026 - 20:32 (vuln.today)
Patch released: Mar 25, 2026 - 20:32 (nvd), patch available
CVE Published: Mar 25, 2026 - 20:13 (nvd), severity MEDIUM 5.4

Description (source: NVD)

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

Analysis (AI-generated)

IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6 contain a server-side request forgery (SSRF) vulnerability that lets an authenticated attacker make the vulnerable system issue requests of the attacker's choosing. This can be used for network enumeration, lateral movement, or as a stepping stone to secondary attacks against internal or external resources. Exploitation requires valid credentials, but the real-world risk is still moderate, consistent with the CVSS 5.4 score and the authenticated, network-reachable attack vector.

Technical Context (AI-generated)

The vulnerability is classified as CWE-918 (Server-Side Request Forgery), a weakness class in which the application fails to validate or sanitize user-supplied input before making outbound HTTP or other network requests on the server's behalf. IBM InfoSphere Information Server (affected CPE: cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:*:*:*:*) is a data integration and governance platform that processes, moves, and manages data across heterogeneous systems. The SSRF flaw most likely lies in components responsible for data source connectivity, HTTP-based integrations, or remote resource access. An attacker holding valid credentials can manipulate request parameters so that the server connects to internal network services, cloud metadata endpoints, or external systems that the attacker cannot reach directly.

Remediation (AI-generated)

Apply the security patch provided by IBM via its support portal at https://www.ibm.com/support/pages/node/7266698, upgrading to the earliest available patched version beyond 11.7.1.6. Until patching is feasible, apply network-level controls: restrict outbound traffic from InfoSphere servers to explicitly allowlisted internal and external destinations, and disable or restrict features that allow dynamic remote connections. Enforce strict authentication and logging on InfoSphere administrative interfaces to reduce insider risk and to detect abuse. Deploy a Web Application Firewall (WAF) or reverse proxy in front of InfoSphere to inspect and block requests whose URL patterns or parameters are indicative of SSRF payloads (e.g., localhost, 127.0.0.1, 169.254.169.254, or internal IP ranges appearing in request parameters).
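The WAF advice above matches literal strings such as 127.0.0.1 or 169.254.169.254 in parameters, which is a coarse control: the same destinations can be written as 127.1, as a decimal integer, as an IPv4-mapped IPv6 address, or behind a hostname that resolves to an internal range. A more robust interim control resolves the requested host and judges the address it actually maps to. The following Python module is an added example, not code from vuln.today or from IBM; it assumes a reverse proxy or application hook calls check_destination() before InfoSphere (or any server) issues an outbound request, and the fake_resolver table is constructed sample data so the example runs offline.

```python
"""Egress destination check for an SSRF mitigation layer (added example).

Assumed integration point: a reverse proxy or application hook calls
check_destination(url) before the server makes an outbound request on a
user's behalf. Names and the sample resolver table are illustrative only.
"""
import ipaddress
import socket
from urllib.parse import urlsplit

# Ranges a data-integration server should not be steered into by user input:
# loopback, link-local (covers the 169.254.169.254 cloud metadata endpoint),
# RFC 1918 / CGNAT / ULA private space, and unspecified, multicast, reserved.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "224.0.0.0/4", "240.0.0.0/4",
    "::/128", "::1/128", "fc00::/7", "fe80::/10", "ff00::/8",
)]

ALLOWED_SCHEMES = {"http", "https"}


def normalize_ipv4_literal(host):
    """Canonical dotted quad for shorthand IPv4 literals ('127.1',
    '2130706433', '0x7f000001'), which inet_aton accepts and a string match
    on '127.0.0.1' would miss. Returns None if host is not an IPv4 literal."""
    try:
        return socket.inet_ntoa(socket.inet_aton(host))
    except OSError:
        return None


def default_resolver(host):
    """Resolve host to the set of address strings it maps to (real DNS)."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def _is_blocked(ip):
    """True if ip, or the IPv4 address it maps (::ffff:10.0.0.1), is blocked."""
    if ip.is_unspecified or any(ip in net for net in BLOCKED_NETWORKS):
        return True
    mapped = getattr(ip, "ipv4_mapped", None)
    return mapped is not None and any(mapped in net for net in BLOCKED_NETWORKS)


def check_destination(url, resolver=default_resolver, allowed_hosts=frozenset()):
    """Return (allowed, reason). Every address the host maps to is checked,
    so a name with one public and one internal record is still rejected."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not permitted"
    host = parts.hostname  # IPv6 literals arrive here without brackets
    if not host:
        return False, "no host in URL"
    if host in allowed_hosts:
        return True, "host explicitly allowlisted"

    literal = normalize_ipv4_literal(host)
    if literal is None:
        try:
            ipaddress.ip_address(host)
            literal = host
        except ValueError:
            literal = None
    if literal is not None:
        addresses = {literal}
    else:
        try:
            addresses = resolver(host)
        except OSError as exc:
            return False, f"resolution failed: {exc}"
        if not addresses:
            return False, "host did not resolve"

    for addr in addresses:
        ip = ipaddress.ip_address(addr.split("%")[0])  # drop IPv6 zone id
        if _is_blocked(ip):
            return False, f"{host} maps to blocked address {ip}"
    return True, "destination is a public address"


# Constructed sample DNS table so the example runs offline (not real hosts).
SAMPLE_DNS = {
    "metadata.internal": {"169.254.169.254"},
    "app.example": {"203.0.113.10"},
    "dual.example": {"203.0.113.11", "10.1.2.3"},
}


def fake_resolver(host):
    if host not in SAMPLE_DNS:
        raise OSError("NXDOMAIN")
    return SAMPLE_DNS[host]


if __name__ == "__main__":
    for candidate in ("https://app.example/api", "http://127.1/",
                      "http://2130706433/", "http://[::ffff:10.0.0.1]/",
                      "http://metadata.internal/latest", "http://dual.example/",
                      "file:///etc/passwd"):
        print(candidate, "->", check_destination(candidate, fake_resolver))
```

Two design points matter in deployment. First, the address that passed the check must be the address actually connected to (pin it in the HTTP client) so that a name cannot be re-resolved to an internal address between check and connect. Second, this check complements rather than replaces the outbound firewall allowlist recommended above: the host-level check gives a clear, loggable reason for each rejection, while the network control holds even if the application layer is bypassed.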


CVE-2025-14912 vulnerability details – vuln.today
