CVE-2025-14974Authorization Bypass Through User-Controlled Key in IBM Infosphere Information Server

CWE-639Authorization Bypass Through User-Controlled Key3 documents3 sources
Severity
7.5HIGHNVD
CNA5.7
EPSS
0.0%
top 85.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Infosphere Information Server
Timeline
PublishedMar 25

Description

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable due to Insecure Direct Object Reference (IDOR).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5ibm/infosphere_information_server11.7.0.011.7.1.6
NVDibm/infosphere_information_server11.7.0.011.7.1.6

🔴Vulnerability Details

2
CVEList
IBM InfoSphere Information Server is vulnerable due to Insecure Direct Object Reference2026-03-25
GHSA
GHSA-pqx7-wmpc-ggm9: IBM InfoSphere Information Server 112026-03-25
CVE-2025-14974 — IBM vulnerability | cvebase