InfoSphere Information Server
CVE-2026-1567
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
Description (CVE.org)
An XML External Entity (XXE) vulnerability in IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow attackers to retrieve sensitive information from the server.
Analysis (AI)
InfoSphere Information Server versions up to 11.7.1.6 are affected by improper restriction of XML external entity reference (CVSS 7.1).
Vulnerability Assessment (AI)
| Field | Assessment |
|---|---|
| Exploitation | Requires valid low-privilege user credentials for IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6; attacker must submit malicious XML to a component that processes external entities without proper validation. |
| Risk Assessment | CVSS 7.1 (HIGH). … |
| Exploit Scenario | An attacker could exploit this vulnerability to retrieve sensitive information from the server. |
| Remediation | Monitor vendor advisories for a patch. … |
Recommended Action (AI)
Within 24 hours: Identify all systems running InfoSphere Information Server versions ≤11.7.1.6 and restrict network access to trusted sources only. …
IBM InfoSphere Information Server 11.7 could allow a local user to execute privileged commands due to the improper handl
CVE-2025-0966 is a SQL injection vulnerability in IBM InfoSphere Information Server 11.7 that allows authenticated remot
IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6 contain a denial of service vulnerability caused by
IBM InfoSphere Information Server 11.7 stores credential information for database authentication in a cleartext paramete
IBM InfoSphere Information 11.7 Server does not invalidate session after logout which could allow an authenticated user
IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that is stored
IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses sensitive user information in
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This ma
IBM InfoSphere Information Server 11.7 could disclose sensitive user credentials from log files during new installation
IBM InfoSphere Information Server 11.7 could allow an authenticated to obtain sensitive username information due to an o
IBM InfoSphere Information 11.7 Server authenticated user to obtain sensitive information when a detailed technical erro
CVE-2025-3629 is a security vulnerability (CVSS 4.3) that allows an authenticated user. Remediation should follow standa