Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
4DescriptionCVE.org
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability.
AnalysisAI
IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6 contain an information disclosure vulnerability (CWE-209) that allows authenticated attackers to access sensitive information over the network without user interaction. The vulnerability has a CVSS score of 4.3 with low attack complexity and low privileges required, meaning any logged-in user can exploit it. A vendor patch is available, reducing immediate risk for organizations that can deploy updates promptly.
Technical ContextAI
This vulnerability is classified as CWE-209 (Information Exposure Through an Error Message), which typically occurs when applications expose sensitive data through error messages, logs, or diagnostic outputs that should be restricted. IBM InfoSphere Information Server (cpe:2.3:a:ibm:infosphere_information_server) is a data integration and governance platform that processes sensitive metadata and business information. The affected versions 11.7.0.0 through 11.7.1.6 likely have improper access controls or information filtering mechanisms that allow authenticated users to retrieve data beyond their authorization scope. The network-accessible attack vector (AV:N) indicates the vulnerability can be triggered remotely, and the low attack complexity (AC:L) suggests no special conditions or tools are required to exploit it.
RemediationAI
Organizations should upgrade IBM InfoSphere Information Server to version 11.7.1.7 or later as provided by IBM's security patch available at https://www.ibm.com/support/pages/node/7266748. For environments where immediate patching is not feasible, implement network-level access controls to restrict InfoSphere Information Server access to only authorized users and trusted network segments, disable unnecessary user accounts with access to the platform, and implement enhanced monitoring and logging of information retrieval activities to detect anomalous access patterns. If the application exposes sensitive metadata through API endpoints or dashboards, consider implementing an API gateway with additional authentication and rate-limiting controls until the patch can be deployed.
Same weakness CWE-209 – Error Message Information Leak
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-15980
GHSA-hrvg-rq28-fjf5