Severity by source
Sources disagree (Low–High)AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Network-reachable, unauthenticated information disclosure with no user interaction (AV:N/AC:L/PR:N/UI:N); confidentiality-only impact (C:H, I:N, A:N) consistent with CWE-200.
vuln.today treats the vendor’s rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
6DescriptionNVD
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability.
AnalysisAI
Information disclosure in IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6 allows remote attackers to obtain sensitive information over the network without authentication (CVSS 3.1 vector AV:N/PR:N, base 7.5). The flaw exposes confidential data (C:H) while leaving integrity and availability untouched, and there is no public exploit identified at time of analysis. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The CVSS vector (AV:N/AC:L/PR:N/UI:N) indicates remote, unauthenticated exploitation against a network-reachable instance with no user interaction, so the primary prerequisite is simply network access to an affected IBM InfoSphere Information Server (11.7.0.0-11.7.1.6) instance. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Signals here are mixed and lean toward moderate rather than emergency priority. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A remote attacker with network access to the InfoSphere Information Server interface sends a crafted or unauthorized request to an affected endpoint and receives sensitive information in the response without needing credentials or user interaction, consistent with the AV:N/AC:L/PR:N/UI:N vector. No public proof-of-concept has been identified, so exploitation would require the attacker to independently discover the specific vulnerable request. |
| Remediation | Patch available per vendor advisory: apply the fix referenced in IBM's advisory at https://www.ibm.com/support/pages/node/7278188, which covers the affected 11.7.0.0-11.7.1.6 range; the exact patched build number is not stated in the available data, so consult that IBM support page for the specific interim fix or fix pack for your version. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify and catalog all IBM InfoSphere Information Server systems running versions 11.7.0.0 through 11.7.1.6; assess and classify each system by data sensitivity (customer data, intellectual property, regulated information). …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. Rated critical severity (CVSS 9.8), this vulnerab
IBM InfoSphere Information Server 11.7 is affected by a remote code execution vulnerability due to insecure deserializat
IBM InfoSphere DataStage 11.7 is vulnerable to a command injection vulnerability due to improper neutralization of speci
"IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. Rated critical severity (CVSS 9.8),
IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. Rated critical severity (CVSS 9.8), this vulnerab
Untrusted search path vulnerability in InfoSphere Import Export Manager 8.1 through 9.1 in InfoSphere Information Server
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to a XML External Entity Injection (XXE) attack when
"IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing X
IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XM
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to exec
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to exec
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to exec
Same weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-40378
GHSA-5wpw-59x5-j49f