CVE-2026-1567 — XML External Entity (XXE) Injection in IBM Infosphere Information Server

CWE-611 — XML External Entity (XXE) Injection3 documents3 sources

Severity

7.5HIGHNVD

CNA7.1

EPSS

0.0%

top 89.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Infosphere Information Server

Timeline

PublishedMar 3

Description

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 An XML External Entity (XXE) vulnerability in IBM InfoSphere Information Server could allow attackers to retrieve sensitive information from the server.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5ibm/infosphere_information_server11.7.0.0 — 11.7.1.6

▶NVDibm/infosphere_information_server11.7 — 11.7.1.6

🔴Vulnerability Details

CVEList

IBM InfoSphere Information Server is affected by an XML external entity injection (XXE) vulnerability↗2026-03-03

▶

GHSA

GHSA-r3q8-g85h-ppf4: IBM InfoSphere Information Server 11↗2026-03-03

▶