Skip to main content

IBM EUVDEUVD-2026-15980

| CVE-2026-1262 MEDIUM
Error Message Information Leak (CWE-209)
2026-03-25 ibm GHSA-hrvg-rq28-fjf5
4.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

4
EUVD ID Assigned
Mar 25, 2026 - 20:32 euvd
EUVD-2026-15980
Analysis Generated
Mar 25, 2026 - 20:32 vuln.today
Patch released
Mar 25, 2026 - 20:32 nvd
Patch available
CVE Published
Mar 25, 2026 - 20:19 nvd
MEDIUM 4.3

DescriptionCVE.org

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability.

AnalysisAI

IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6 contain an information disclosure vulnerability (CWE-209) that allows authenticated attackers to access sensitive information over the network without user interaction. The vulnerability has a CVSS score of 4.3 with low attack complexity and low privileges required, meaning any logged-in user can exploit it. A vendor patch is available, reducing immediate risk for organizations that can deploy updates promptly.

Technical ContextAI

This vulnerability is classified as CWE-209 (Information Exposure Through an Error Message), which typically occurs when applications expose sensitive data through error messages, logs, or diagnostic outputs that should be restricted. IBM InfoSphere Information Server (cpe:2.3:a:ibm:infosphere_information_server) is a data integration and governance platform that processes sensitive metadata and business information. The affected versions 11.7.0.0 through 11.7.1.6 likely have improper access controls or information filtering mechanisms that allow authenticated users to retrieve data beyond their authorization scope. The network-accessible attack vector (AV:N) indicates the vulnerability can be triggered remotely, and the low attack complexity (AC:L) suggests no special conditions or tools are required to exploit it.

RemediationAI

Organizations should upgrade IBM InfoSphere Information Server to version 11.7.1.7 or later as provided by IBM's security patch available at https://www.ibm.com/support/pages/node/7266748. For environments where immediate patching is not feasible, implement network-level access controls to restrict InfoSphere Information Server access to only authorized users and trusted network segments, disable unnecessary user accounts with access to the platform, and implement enhanced monitoring and logging of information retrieval activities to detect anomalous access patterns. If the application exposes sensitive metadata through API endpoints or dashboards, consider implementing an API gateway with additional authentication and rate-limiting controls until the patch can be deployed.

Share

EUVD-2026-15980 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy