Skip to main content

IBM InfoSphere Information Server CVE-2026-9836

| EUVDEUVD-2026-40378 HIGH
Information Exposure (CWE-200)
2026-06-30 ibm GHSA-5wpw-59x5-j49f
High
Disputed · 7.5 NVD
Share

Severity by source

Sources disagree (Low–High)
Vendor (ibm) PRIMARY
LOW
qualitative
NVD
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
vuln.today AI
7.5 HIGH

Network-reachable, unauthenticated information disclosure with no user interaction (AV:N/AC:L/PR:N/UI:N); confidentiality-only impact (C:H, I:N, A:N) consistent with CWE-200.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

vuln.today treats the vendor’s rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

6
Analysis Updated
Jul 02, 2026 - 19:43 vuln.today
v3 (cvss_changed)
Analysis Updated
Jul 02, 2026 - 19:42 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jul 02, 2026 - 19:37 vuln.today
cvss_changed
Severity Changed
Jul 02, 2026 - 19:37 NVD
LOW HIGH
CVSS changed
Jul 02, 2026 - 19:37 NVD
3.5 (LOW) 7.5 (HIGH)
Analysis Generated
Jun 30, 2026 - 19:50 vuln.today

DescriptionNVD

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability.

AnalysisAI

Information disclosure in IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6 allows remote attackers to obtain sensitive information over the network without authentication (CVSS 3.1 vector AV:N/PR:N, base 7.5). The flaw exposes confidential data (C:H) while leaving integrity and availability untouched, and there is no public exploit identified at time of analysis. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach exposed Information Server interface
Exploit
Send unauthorized request to vulnerable endpoint
Execution
Server returns sensitive information
Impact
Harvest disclosed data

Vulnerability AssessmentAI

Exploitation The CVSS vector (AV:N/AC:L/PR:N/UI:N) indicates remote, unauthenticated exploitation against a network-reachable instance with no user interaction, so the primary prerequisite is simply network access to an affected IBM InfoSphere Information Server (11.7.0.0-11.7.1.6) instance. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals here are mixed and lean toward moderate rather than emergency priority. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A remote attacker with network access to the InfoSphere Information Server interface sends a crafted or unauthorized request to an affected endpoint and receives sensitive information in the response without needing credentials or user interaction, consistent with the AV:N/AC:L/PR:N/UI:N vector. No public proof-of-concept has been identified, so exploitation would require the attacker to independently discover the specific vulnerable request.
Remediation Patch available per vendor advisory: apply the fix referenced in IBM's advisory at https://www.ibm.com/support/pages/node/7278188, which covers the affected 11.7.0.0-11.7.1.6 range; the exact patched build number is not stated in the available data, so consult that IBM support page for the specific interim fix or fix pack for your version. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify and catalog all IBM InfoSphere Information Server systems running versions 11.7.0.0 through 11.7.1.6; assess and classify each system by data sensitivity (customer data, intellectual property, regulated information). …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2024-40689 CRITICAL
9.8 Jul 26

IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. Rated critical severity (CVSS 9.8), this vulnerab

CVE-2023-32336 CRITICAL
9.8 May 22

IBM InfoSphere Information Server 11.7 is affected by a remote code execution vulnerability due to insecure deserializat

CVE-2022-40752 CRITICAL
9.8 Nov 16

IBM InfoSphere DataStage 11.7 is vulnerable to a command injection vulnerability due to improper neutralization of speci

CVE-2022-22425 CRITICAL
9.8 Nov 03

"IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. Rated critical severity (CVSS 9.8),

CVE-2022-31768 CRITICAL
9.8 Jun 06

IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. Rated critical severity (CVSS 9.8), this vulnerab

CVE-2012-0204 CRITICAL
9.3 Jan 31

Untrusted search path vulnerability in InfoSphere Import Export Manager 8.1 through 9.1 in InfoSphere Information Server

CVE-2017-1383 CRITICAL
9.1 Aug 02

IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to a XML External Entity Injection (XXE) attack when

CVE-2022-40747 CRITICAL
9.1 Nov 03

"IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing X

CVE-2021-38948 CRITICAL
9.1 Nov 02

IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XM

CVE-2024-31902 HIGH
8.8 Jun 30

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to exec

CVE-2023-38268 HIGH
8.8 Dec 01

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to exec

CVE-2023-23473 HIGH
8.8 Aug 28

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to exec

Share

CVE-2026-9836 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy