CVE-2025-1138 — Exposure of Information Through Directory Listing in IBM Infosphere Information Server

CWE-548 — Exposure of Information Through Directory Listing3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.2%

top 61.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Infosphere Information Server IBM Infosphere Information Server ON Cloud

Timeline

PublishedMay 15

Description

IBM InfoSphere Information Server 11.7 could disclose sensitive information to an authenticated user that could aid in further attacks against the system through a directory listing.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

▶CVEListV5ibm/infosphere_information_server11.7

▶NVDibm/infosphere_information_server11.7

▶NVDibm/infosphere_information11.7

🔴Vulnerability Details

CVEList

IBM Information Server information disclosure↗2025-05-15

▶

GHSA

GHSA-m2m5-cxxq-m4hm: IBM InfoSphere Information Server 11↗2025-05-15

▶