Skip to main content

IBM CVE-2026-2483

| EUVDEUVD-2026-15984 MEDIUM
Cross-site Scripting (XSS) (CWE-79)
5.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

4
EUVD ID Assigned
Mar 25, 2026 - 20:47 euvd
EUVD-2026-15984
Analysis Generated
Mar 25, 2026 - 20:47 vuln.today
Patch released
Mar 25, 2026 - 20:47 nvd
Patch available
CVE Published
Mar 25, 2026 - 20:39 nvd
MEDIUM 5.4

DescriptionCVE.org

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session

AnalysisAI

IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6 contain a stored or reflected cross-site scripting (XSS) vulnerability in the Web UI that allows authenticated users to inject arbitrary JavaScript code. An attacker with valid credentials can exploit this vulnerability to alter application functionality and potentially steal session credentials or perform actions on behalf of other users within a trusted browser session. A patch is available from IBM, and the vulnerability has a CVSS score of 5.4 with moderate real-world risk due to the requirement for prior authentication and user interaction.

Technical ContextAI

This vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation), which represents a failure in the Web UI input validation and output encoding mechanisms. The affected product is IBM InfoSphere Information Server (cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:*:*:*:*), a data integration and governance platform that processes user-supplied data in web forms and displays it without proper sanitization or HTML/JavaScript encoding. The vulnerability exists in versions 11.7.0.0 through 11.7.1.6, indicating the flaw was introduced or persisted across multiple minor versions. Attackers can inject malicious scripts through vulnerable input fields that are subsequently reflected in responses or stored in the application's state, causing execution in the context of other users' browsers when those pages are rendered.

RemediationAI

Apply the security patch provided by IBM available at https://www.ibm.com/support/pages/node/7266764. Upgrade IBM InfoSphere Information Server to a patched version, which should be version 11.7.1.7 or later, or jump to the next major version if available. Until patches can be applied, implement network segmentation to restrict access to the InfoSphere Web UI to trusted internal networks only, enforce strong authentication policies and session management to reduce the window of opportunity for XSS exploitation, and conduct user security awareness training to reduce susceptibility to social engineering attacks that leverage XSS payloads. Consider deploying a Web Application Firewall (WAF) configured to detect and block common XSS payloads in HTTP requests to the affected application.

Share

CVE-2026-2483 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy