CVE-2025-14810

CWE-613 — Insufficient Session Expiration3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.0%

top 91.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Infosphere Information Server

Timeline

PublishedMar 25

Description

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 does not invalidate a session after privileges have been modified which could allow an authenticated user to retain access to sensitive information. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CWE: CWE-613: Insufficient Session Expiration CVSS Source: IBM CVSS Base score: 6.3 CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.4

Affected Packages2 packages

▶CVEListV5ibm/infosphere_information_server11.7.0.0 — 11.7.1.6

▶NVDibm/infosphere_information_server11.7.0.0 — 11.7.1.6

🔴Vulnerability Details

CVEList

IBM InfoSphere Information Server is vulnerable due to insufficient session expiration↗2026-03-25

▶

GHSA

GHSA-68qv-w55v-9mrv: IBM InfoSphere Information Server 11↗2026-03-25

▶