Ibm Infosphere Information Server vulnerabilities

CVE-2025-14974 [MEDIUM] CWE-639 CVE-2025-14974: IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable due to Insecure Direct Obj IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable due to Insecure Direct Object Reference (IDOR).

CVE-2025-36422 [MEDIUM] CWE-352 CVE-2025-36422: IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 IBM InfoSphere DataStage Flow Designer i IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 IBM InfoSphere DataStage Flow Designer is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

CVE-2025-14912 [MEDIUM] CWE-918 CVE-2025-14912: IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request for IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

CVE-2026-2485 [MEDIUM] CWE-79 CVE-2026-2485: IBM Infosphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to stored cross-site scrip IBM Infosphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

CVE-2025-36258 [HIGH] CWE-256 CVE-2025-36258: IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 product stores user credentials and othe IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 product stores user credentials and other sensitive information in plain text which can be read by a local user.

CVE-2026-1014 [MEDIUM] CWE-319 CVE-2026-1014: IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to exposure of sensitive i IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to exposure of sensitive information via JSON server response manipulation.

CVE-2025-14810 [MEDIUM] CWE-613 CVE-2025-14810: IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 does not invalidate a session after priv IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 does not invalidate a session after privileges have been modified which could allow an authenticated user to retain access to sensitive information. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CWE: CWE-613: Insufficient Session Expiration CVSS Source: IBM CVSS Base score: 6.3 CVSS Vector:

CVE-2025-14807 [MEDIUM] CWE-644 CVE-2025-14807: IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to HTTP header injection, IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.

CVE-2026-2484 [MEDIUM] CWE-209 CVE-2026-2484: IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information exposure v IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information exposure vulnerability caused by overly verbose error messages

CVE-2026-2483 [MEDIUM] CWE-79 CVE-2026-2483: IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to cross-site scripting. T IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session

CVE-2026-1262 [MEDIUM] CWE-209 CVE-2026-1262: IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability.

CVE-2026-1015 [MEDIUM] CWE-918 CVE-2026-1015: IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request for IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

CVE-2025-14790 [MEDIUM] CWE-522 CVE-2025-14790: IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensit IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensitive information due to insufficiently protected credentials.

CVE-2025-14808 [LOW] CWE-598 CVE-2025-14808: IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensit IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the middle techniques.

CVE-2026-1567 [HIGH] CWE-611 CVE-2026-1567: IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 An XML External Entity (XXE) vulnerabili IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 An XML External Entity (XXE) vulnerability in IBM InfoSphere Information Server could allow attackers to retrieve sensitive information from the server.

CVE-2026-1265 [MEDIUM] CWE-532 CVE-2026-1265: IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to writing of sensitive In IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to writing of sensitive Information in a log file.

CVE-2025-12832 [MEDIUM] CWE-918 CVE-2025-12832: IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request for IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

CVE-2025-12531 [HIGH] CWE-611 CVE-2025-12531: IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to an XML external entity IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

CVE-2025-33003 [HIGH] CWE-250 CVE-2025-33003: IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow a non-root user to gain high IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow a non-root user to gain higher privileges/capabilities within the scope of a container due to execution with unnecessary privileges.

CVE-2025-36245 [HIGH] CWE-78 CVE-2025-36245: IBM InfoSphere 11.7.0.0 through 11.7.1.6 Information Server could allow an authenticated user to exe IBM InfoSphere 11.7.0.0 through 11.7.1.6 Information Server could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user supplied input.