Skip to main content

IBM CVE-2026-1015

| EUVDEUVD-2026-15978 MEDIUM
Server-Side Request Forgery (SSRF) (CWE-918)
2026-03-25 ibm GHSA-xfqr-cg7j-569j
5.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

4
EUVD ID Assigned
Mar 25, 2026 - 21:02 euvd
EUVD-2026-15978
Analysis Generated
Mar 25, 2026 - 21:02 vuln.today
Patch released
Mar 25, 2026 - 21:02 nvd
Patch available
CVE Published
Mar 25, 2026 - 20:41 nvd
MEDIUM 5.4

DescriptionCVE.org

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

AnalysisAI

IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6 contain a server-side request forgery (SSRF) vulnerability that allows authenticated attackers to send unauthorized requests from the affected system. This could enable network enumeration, lateral movement, or facilitate secondary attacks against internal systems. The vulnerability requires valid authentication credentials but presents moderate risk with a CVSS score of 5.4 and has an available patch from IBM.

Technical ContextAI

The vulnerability is classified as CWE-918 (Server-Side Request Forgery), which occurs when an application accepts user-controlled input to construct requests sent by the server without proper validation. In IBM InfoSphere Information Server (cpe:2.3:a:ibm:infosphere_information_server), the SSRF flaw likely exists in web service handlers or data integration components that process URLs or external service references. InfoSphere Information Server is an enterprise data integration and governance platform that manages data flows and metadata across distributed systems, making SSRF particularly dangerous as it could pivot from the application server to reach internal databases, APIs, or administrative interfaces not directly exposed to the attacker.

RemediationAI

Apply the security patch provided by IBM at https://www.ibm.com/support/pages/node/7266740, which addresses the SSRF vulnerability in affected versions. Users should upgrade to a patched version of InfoSphere Information Server 11.7.1.7 or later, or migrate to a supported release if available. As an interim control, network access should be restricted to prevent the InfoSphere server from reaching sensitive internal systems—implement egress filtering rules that limit outbound connections to only necessary services and implement IP allowlisting for service-to-service communication. Additionally, audit logs should be monitored for unusual outbound connection attempts or unexpected requests from InfoSphere processes.

Share

CVE-2026-1015 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy