Vulnerability-Lookup

CVE-2026-2484 (GCVE-0-2026-2484)

Vulnerability from cvelistv5 – Published: 2026-03-25 20:36 – Updated: 2026-03-26 16:10

Title

IBM InfoSphere Information Server Information Disclosure

Summary

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information exposure vulnerability caused by overly verbose error messages

Severity

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-209 - Generation of error message containing sensitive information

Assigner

ibm

References

1 reference

URL	Tags
https://www.ibm.com/support/pages/node/7266767	vendor-advisorypatch

Impacted products

1 product

Vendor	Product	Version
IBM	InfoSphere Information Server	Affected: 11.7.0.0 , ≤ 11.7.1.6 (semver) cpe:2.3:a:ibm:infosphere_information_server:11.7.0.0:::::::* cpe:2.3:a:ibm:infosphere_information_server:11.7.1.6:::::::*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-2484",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-26T16:10:36.117651Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-26T16:10:51.963Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:infosphere_information_server:11.7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:infosphere_information_server:11.7.1.6:*:*:*:*:*:*:*"
          ],
          "product": "InfoSphere Information Server",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "11.7.1.6",
              "status": "affected",
              "version": "11.7.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\u003cspan\u003eIBM InfoSphere Information Server\u0026nbsp;\u003c/span\u003e\u003cspan\u003e11.7.0.0 through\u0026nbsp;11.7.1.6\u003c/span\u003e\u003cspan\u003e\u0026nbsp;\u003c/span\u003e\u003cspan\u003eis affected by an information exposure vulnerability caused by overly verbose error messages\u003c/span\u003e\u003c/p\u003e"
            }
          ],
          "value": "IBM InfoSphere Information Server\u00a011.7.0.0 through\u00a011.7.1.6\u00a0is affected by an information exposure vulnerability caused by overly verbose error messages"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-209",
              "description": "CWE-209 Generation of error message containing sensitive information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-25T20:42:15.963Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7266767"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eProduct\u003c/td\u003e\u003ctd\u003eVersion(s)\u003c/td\u003e\u003ctd\u003eAPAR\u003c/td\u003e\u003ctd\u003eRemediation\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM InfoSphere Information Server\u003c/td\u003e\u003ctd\u003e11.7.0.0 to 11.7.1.6\u003c/td\u003e\u003ctd\u003e\u003ca title=\"DT462239\" href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ000000AAUL/dt462239\" rel=\"nofollow\"\u003eDT462239\u003c/a\u003e\u003c/td\u003e\u003ctd\u003e--Apply IBM InfoSphere Information Server version\u0026nbsp;\u003ca href=\"https://www.ibm.com/support/pages/node/878310\" target=\"_blank\" rel=\"noopener noreferrer nofollow\"\u003e11.7.1.0\u003c/a\u003e\u0026nbsp;\u003cbr\u003e--Apply IBM InfoSphere Information Server version\u0026nbsp;\u003ca href=\"https://www.ibm.com/support/pages/node/7182872\" rel=\"nofollow\"\u003e11.7.1.6\u003c/a\u003e\u003cbr\u003e\u003cbr\u003e--Apply IBM InfoSphere Information Server\u0026nbsp;\u003ca href=\"https://www.ibm.com/support/pages/node/7260779\" rel=\"nofollow\"\u003e11.7.1.6 Service pack 2\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
            }
          ],
          "value": "ProductVersion(s)APARRemediationIBM InfoSphere Information Server11.7.0.0 to 11.7.1.6 DT462239 https://www.ibm.com/mysupport/s/defect/aCIgJ000000AAUL/dt462239 --Apply IBM InfoSphere Information Server version\u00a0 11.7.1.0 https://www.ibm.com/support/pages/node/878310 \u00a0\n--Apply IBM InfoSphere Information Server version\u00a0 11.7.1.6 https://www.ibm.com/support/pages/node/7182872 \n\n--Apply IBM InfoSphere Information Server\u00a0 11.7.1.6 Service pack 2 https://www.ibm.com/support/pages/node/7260779"
        }
      ],
      "title": "IBM InfoSphere Information Server Information Disclosure",
      "x_generator": {
        "engine": "ibm-cvegen"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2026-2484",
    "datePublished": "2026-03-25T20:36:11.556Z",
    "dateReserved": "2026-02-13T19:50:43.069Z",
    "dateUpdated": "2026-03-26T16:10:51.963Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-2484",
      "date": "2026-05-26",
      "epss": "0.00011",
      "percentile": "0.01474"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-2484\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2026-03-25T21:16:41.100\",\"lastModified\":\"2026-03-31T19:01:10.060\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"IBM InfoSphere Information Server\u00a011.7.0.0 through\u00a011.7.1.6\u00a0is affected by an information exposure vulnerability caused by overly verbose error messages\"},{\"lang\":\"es\",\"value\":\"IBM InfoSphere Information Server 11.7.0.0 hasta 11.7.1.6 se ve afectado por una vulnerabilidad de exposici\u00f3n de informaci\u00f3n causada por mensajes de error excesivamente detallados.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-209\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.7.0.0\",\"versionEndIncluding\":\"11.7.1.6\",\"matchCriteriaId\":\"65FBF88B-61F0-4D42-A290-453FDC874D7F\"}]}]}],\"references\":[{\"url\":\"https://www.ibm.com/support/pages/node/7266767\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-2484\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-26T16:10:36.117651Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-26T16:10:40.143Z\"}}], \"cna\": {\"title\": \"IBM InfoSphere Information Server Information Disclosure\", \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:ibm:infosphere_information_server:11.7.0.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:infosphere_information_server:11.7.1.6:*:*:*:*:*:*:*\"], \"vendor\": \"IBM\", \"product\": \"InfoSphere Information Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.7.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"11.7.1.6\"}]}], \"solutions\": [{\"lang\": \"en\", \"value\": \"ProductVersion(s)APARRemediationIBM InfoSphere Information Server11.7.0.0 to 11.7.1.6 DT462239 https://www.ibm.com/mysupport/s/defect/aCIgJ000000AAUL/dt462239 --Apply IBM InfoSphere Information Server version\\u00a0 11.7.1.0 https://www.ibm.com/support/pages/node/878310 \\u00a0\\n--Apply IBM InfoSphere Information Server version\\u00a0 11.7.1.6 https://www.ibm.com/support/pages/node/7182872 \\n\\n--Apply IBM InfoSphere Information Server\\u00a0 11.7.1.6 Service pack 2 https://www.ibm.com/support/pages/node/7260779\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eProduct\u003c/td\u003e\u003ctd\u003eVersion(s)\u003c/td\u003e\u003ctd\u003eAPAR\u003c/td\u003e\u003ctd\u003eRemediation\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM InfoSphere Information Server\u003c/td\u003e\u003ctd\u003e11.7.0.0 to 11.7.1.6\u003c/td\u003e\u003ctd\u003e\u003ca title=\\\"DT462239\\\" href=\\\"https://www.ibm.com/mysupport/s/defect/aCIgJ000000AAUL/dt462239\\\" rel=\\\"nofollow\\\"\u003eDT462239\u003c/a\u003e\u003c/td\u003e\u003ctd\u003e--Apply IBM InfoSphere Information Server version\u0026nbsp;\u003ca href=\\\"https://www.ibm.com/support/pages/node/878310\\\" target=\\\"_blank\\\" rel=\\\"noopener noreferrer nofollow\\\"\u003e11.7.1.0\u003c/a\u003e\u0026nbsp;\u003cbr\u003e--Apply IBM InfoSphere Information Server version\u0026nbsp;\u003ca href=\\\"https://www.ibm.com/support/pages/node/7182872\\\" rel=\\\"nofollow\\\"\u003e11.7.1.6\u003c/a\u003e\u003cbr\u003e\u003cbr\u003e--Apply IBM InfoSphere Information Server\u0026nbsp;\u003ca href=\\\"https://www.ibm.com/support/pages/node/7260779\\\" rel=\\\"nofollow\\\"\u003e11.7.1.6 Service pack 2\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://www.ibm.com/support/pages/node/7266767\", \"tags\": [\"vendor-advisory\", \"patch\"]}], \"x_generator\": {\"engine\": \"ibm-cvegen\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"IBM InfoSphere Information Server\\u00a011.7.0.0 through\\u00a011.7.1.6\\u00a0is affected by an information exposure vulnerability caused by overly verbose error messages\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003e\u003cspan\u003eIBM InfoSphere Information Server\u0026nbsp;\u003c/span\u003e\u003cspan\u003e11.7.0.0 through\u0026nbsp;11.7.1.6\u003c/span\u003e\u003cspan\u003e\u0026nbsp;\u003c/span\u003e\u003cspan\u003eis affected by an information exposure vulnerability caused by overly verbose error messages\u003c/span\u003e\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-209\", \"description\": \"CWE-209 Generation of error message containing sensitive information\"}]}], \"providerMetadata\": {\"orgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"shortName\": \"ibm\", \"dateUpdated\": \"2026-03-25T20:42:15.963Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-2484\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-26T16:10:51.963Z\", \"dateReserved\": \"2026-02-13T19:50:43.069Z\", \"assignerOrgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"datePublished\": \"2026-03-25T20:36:11.556Z\", \"assignerShortName\": \"ibm\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

CNVD-2026-16131

Vulnerability from cnvd - Published: 2026-04-03

Title

IBM InfoSphere Information Server信息泄露漏洞（CNVD-2026-16131）

Description

IBM InfoSphere Information Server是IBM的数据集成平台，用于整合、清洗、转换和管理企业数据。 IBM InfoSphere Information Server存在信息泄露漏洞，该漏洞源于系统返回了过于详细的错误信息。攻击者可利用该漏洞获取敏感的系统内部信息，从而可能辅助其发起进一步的攻击。

Severity

中

Patch Name

IBM InfoSphere Information Server信息泄露漏洞（CNVD-2026-16131）的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： https://www.ibm.com/support/pages/node/7266767

Reference

https://nvd.nist.gov/vuln/detail/CVE-2026-2484

Impacted products

Name
IBM InfoSphere Information Server >=11.7.0.0，<=11.7.1.6

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2026-2484",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2026-2484"
    }
  },
  "description": "IBM InfoSphere Information Server\u662fIBM\u7684\u6570\u636e\u96c6\u6210\u5e73\u53f0\uff0c\u7528\u4e8e\u6574\u5408\u3001\u6e05\u6d17\u3001\u8f6c\u6362\u548c\u7ba1\u7406\u4f01\u4e1a\u6570\u636e\u3002\n\nIBM InfoSphere Information Server\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7cfb\u7edf\u8fd4\u56de\u4e86\u8fc7\u4e8e\u8be6\u7ec6\u7684\u9519\u8bef\u4fe1\u606f\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u7684\u7cfb\u7edf\u5185\u90e8\u4fe1\u606f\uff0c\u4ece\u800c\u53ef\u80fd\u8f85\u52a9\u5176\u53d1\u8d77\u8fdb\u4e00\u6b65\u7684\u653b\u51fb\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttps://www.ibm.com/support/pages/node/7266767",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2026-16131",
  "openTime": "2026-04-03",
  "patchDescription": "IBM InfoSphere Information Server\u662fIBM\u7684\u6570\u636e\u96c6\u6210\u5e73\u53f0\uff0c\u7528\u4e8e\u6574\u5408\u3001\u6e05\u6d17\u3001\u8f6c\u6362\u548c\u7ba1\u7406\u4f01\u4e1a\u6570\u636e\u3002\r\n\r\nIBM InfoSphere Information Server\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7cfb\u7edf\u8fd4\u56de\u4e86\u8fc7\u4e8e\u8be6\u7ec6\u7684\u9519\u8bef\u4fe1\u606f\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u7684\u7cfb\u7edf\u5185\u90e8\u4fe1\u606f\uff0c\u4ece\u800c\u53ef\u80fd\u8f85\u52a9\u5176\u53d1\u8d77\u8fdb\u4e00\u6b65\u7684\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "IBM InfoSphere Information Server\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2026-16131\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "IBM InfoSphere Information Server \u003e=11.7.0.0\uff0c\u003c=11.7.1.6"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2026-2484",
  "serverity": "\u4e2d",
  "submitTime": "2026-03-31",
  "title": "IBM InfoSphere Information Server\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2026-16131\uff09"
}

FKIE_CVE-2026-2484

Vulnerability from fkie_nvd - Published: 2026-03-25 21:16 - Updated: 2026-03-31 19:01

Severity

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Summary

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information exposure vulnerability caused by overly verbose error messages

References

	URL	Tags
	psirt@us.ibm.com	https://www.ibm.com/support/pages/node/7266767	Vendor Advisory

Impacted products

	Vendor	Product	Version
	ibm	infosphere_information_server	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "65FBF88B-61F0-4D42-A290-453FDC874D7F",
              "versionEndIncluding": "11.7.1.6",
              "versionStartIncluding": "11.7.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM InfoSphere Information Server\u00a011.7.0.0 through\u00a011.7.1.6\u00a0is affected by an information exposure vulnerability caused by overly verbose error messages"
    },
    {
      "lang": "es",
      "value": "IBM InfoSphere Information Server 11.7.0.0 hasta 11.7.1.6 se ve afectado por una vulnerabilidad de exposici\u00f3n de informaci\u00f3n causada por mensajes de error excesivamente detallados."
    }
  ],
  "id": "CVE-2026-2484",
  "lastModified": "2026-03-31T19:01:10.060",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "psirt@us.ibm.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2026-03-25T21:16:41.100",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7266767"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-209"
        }
      ],
      "source": "psirt@us.ibm.com",
      "type": "Primary"
    }
  ]
}

GHSA-GJ7G-W5GQ-HW2H

Vulnerability from github – Published: 2026-03-25 21:30 – Updated: 2026-03-25 21:30

Details

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information exposure vulnerability caused by overly verbose error messages

Severity

4.3 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2026-2484"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-209"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-25T21:16:41Z",
    "severity": "MODERATE"
  },
  "details": "IBM InfoSphere Information Server\u00a011.7.0.0 through\u00a011.7.1.6\u00a0is affected by an information exposure vulnerability caused by overly verbose error messages",
  "id": "GHSA-gj7g-w5gq-hw2h",
  "modified": "2026-03-25T21:30:36Z",
  "published": "2026-03-25T21:30:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2484"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7266767"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

WID-SEC-W-2026-0851

Vulnerability from csaf_certbund - Published: 2026-03-24 23:00 - Updated: 2026-03-25 23:00

Summary

IBM InfoSphere Information Server: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: IBM InfoSphere Information Server ist eine Softwareplattform zur Integration heterogener Daten.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM InfoSphere Information Server ausnutzen, um Sicherheitsmaßnahmen zu umgehen, einen Denial of Service zu verursachen, einen Cross Site Scripting und CSRF Angriff durchzuführen, Informationen offenzulegen und Daten zu manipulieren.

Betroffene Betriebssysteme: - Linux - UNIX - Windows

CVE-2025-14790

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM InfoSphere Information Server 11.7.0.0-11.7.1.6 IBM / InfoSphere Information Server	`cpe:/a:ibm:infosphere_information_server:11.7.0.0_to_11.7.1.6`	11.7.0.0-11.7.1.6

CVE-2025-14808

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM InfoSphere Information Server 11.7.0.0-11.7.1.6 IBM / InfoSphere Information Server	`cpe:/a:ibm:infosphere_information_server:11.7.0.0_to_11.7.1.6`	11.7.0.0-11.7.1.6

CVE-2025-14810

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM InfoSphere Information Server 11.7.0.0-11.7.1.6 IBM / InfoSphere Information Server	`cpe:/a:ibm:infosphere_information_server:11.7.0.0_to_11.7.1.6`	11.7.0.0-11.7.1.6

CVE-2025-14912

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM InfoSphere Information Server 11.7.0.0-11.7.1.6 IBM / InfoSphere Information Server	`cpe:/a:ibm:infosphere_information_server:11.7.0.0_to_11.7.1.6`	11.7.0.0-11.7.1.6

CVE-2025-14974

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM InfoSphere Information Server 11.7.0.0-11.7.1.6 IBM / InfoSphere Information Server	`cpe:/a:ibm:infosphere_information_server:11.7.0.0_to_11.7.1.6`	11.7.0.0-11.7.1.6

CVE-2025-36258

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM InfoSphere Information Server 11.7.0.0-11.7.1.6 IBM / InfoSphere Information Server	`cpe:/a:ibm:infosphere_information_server:11.7.0.0_to_11.7.1.6`	11.7.0.0-11.7.1.6

CVE-2025-36422

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM InfoSphere Information Server 11.7.0.0-11.7.1.6 IBM / InfoSphere Information Server	`cpe:/a:ibm:infosphere_information_server:11.7.0.0_to_11.7.1.6`	11.7.0.0-11.7.1.6

CVE-2026-1014

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM InfoSphere Information Server 11.7.0.0-11.7.1.6 IBM / InfoSphere Information Server	`cpe:/a:ibm:infosphere_information_server:11.7.0.0_to_11.7.1.6`	11.7.0.0-11.7.1.6

CVE-2026-1015

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM InfoSphere Information Server 11.7.0.0-11.7.1.6 IBM / InfoSphere Information Server	`cpe:/a:ibm:infosphere_information_server:11.7.0.0_to_11.7.1.6`	11.7.0.0-11.7.1.6

CVE-2026-1262

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM InfoSphere Information Server 11.7.0.0-11.7.1.6 IBM / InfoSphere Information Server	`cpe:/a:ibm:infosphere_information_server:11.7.0.0_to_11.7.1.6`	11.7.0.0-11.7.1.6

CVE-2026-24400

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM InfoSphere Information Server 11.7.0.0-11.7.1.6 IBM / InfoSphere Information Server	`cpe:/a:ibm:infosphere_information_server:11.7.0.0_to_11.7.1.6`	11.7.0.0-11.7.1.6

CVE-2026-2483

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM InfoSphere Information Server 11.7.0.0-11.7.1.6 IBM / InfoSphere Information Server	`cpe:/a:ibm:infosphere_information_server:11.7.0.0_to_11.7.1.6`	11.7.0.0-11.7.1.6

CVE-2026-2484

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM InfoSphere Information Server 11.7.0.0-11.7.1.6 IBM / InfoSphere Information Server	`cpe:/a:ibm:infosphere_information_server:11.7.0.0_to_11.7.1.6`	11.7.0.0-11.7.1.6

CVE-2026-2485

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM InfoSphere Information Server 11.7.0.0-11.7.1.6 IBM / InfoSphere Information Server	`cpe:/a:ibm:infosphere_information_server:11.7.0.0_to_11.7.1.6`	11.7.0.0-11.7.1.6

References

16 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.ibm.com/support/pages/node/7266489	external
https://www.ibm.com/support/pages/node/7266685	external
https://www.ibm.com/support/pages/node/7266688	external
https://www.ibm.com/support/pages/node/7266695	external
https://www.ibm.com/support/pages/node/7266696	external
https://www.ibm.com/support/pages/node/7266698	external
https://www.ibm.com/support/pages/node/7266723	external
https://www.ibm.com/support/pages/node/7266736	external
https://www.ibm.com/support/pages/node/7266740	external
https://www.ibm.com/support/pages/node/7266748	external
https://www.ibm.com/support/pages/node/7266761	external
https://www.ibm.com/support/pages/node/7266764	external
https://www.ibm.com/support/pages/node/7266765	external
https://www.ibm.com/support/pages/node/7266767	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "IBM InfoSphere Information Server ist eine Softwareplattform zur Integration heterogener Daten.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM InfoSphere Information Server ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial of Service zu verursachen, einen Cross Site Scripting und CSRF Angriff durchzuf\u00fchren, Informationen offenzulegen und Daten zu manipulieren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-0851 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0851.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-0851 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0851"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin vom 2026-03-24",
        "url": "https://www.ibm.com/support/pages/node/7266489"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin vom 2026-03-24",
        "url": "https://www.ibm.com/support/pages/node/7266685"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin vom 2026-03-24",
        "url": "https://www.ibm.com/support/pages/node/7266688"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin vom 2026-03-24",
        "url": "https://www.ibm.com/support/pages/node/7266695"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin vom 2026-03-24",
        "url": "https://www.ibm.com/support/pages/node/7266696"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin vom 2026-03-24",
        "url": "https://www.ibm.com/support/pages/node/7266698"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin vom 2026-03-24",
        "url": "https://www.ibm.com/support/pages/node/7266723"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin vom 2026-03-24",
        "url": "https://www.ibm.com/support/pages/node/7266736"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin vom 2026-03-24",
        "url": "https://www.ibm.com/support/pages/node/7266740"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin vom 2026-03-24",
        "url": "https://www.ibm.com/support/pages/node/7266748"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin vom 2026-03-24",
        "url": "https://www.ibm.com/support/pages/node/7266761"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin vom 2026-03-24",
        "url": "https://www.ibm.com/support/pages/node/7266764"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin vom 2026-03-24",
        "url": "https://www.ibm.com/support/pages/node/7266765"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin vom 2026-03-24",
        "url": "https://www.ibm.com/support/pages/node/7266767"
      }
    ],
    "source_lang": "en-US",
    "title": "IBM InfoSphere Information Server: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-03-25T23:00:00.000+00:00",
      "generator": {
        "date": "2026-03-26T07:56:10.924+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2026-0851",
      "initial_release_date": "2026-03-24T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-03-24T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-03-25T23:00:00.000+00:00",
          "number": "2",
          "summary": "Referenz(en) aufgenommen: EUVD-2025-209025, EUVD-2025-209023, EUVD-2025-209022, EUVD-2026-15980, EUVD-2025-209019, EUVD-2025-209018, EUVD-2025-209016, EUVD-2025-209010, EUVD-2026-15978, EUVD-2026-15976"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "11.7.0.0-11.7.1.6",
                "product": {
                  "name": "IBM InfoSphere Information Server 11.7.0.0-11.7.1.6",
                  "product_id": "T048277",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:infosphere_information_server:11.7.0.0_to_11.7.1.6"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "InfoSphere Information Server"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-14790",
      "product_status": {
        "known_affected": [
          "T048277"
        ]
      },
      "release_date": "2026-03-24T23:00:00.000+00:00",
      "title": "CVE-2025-14790"
    },
    {
      "cve": "CVE-2025-14808",
      "product_status": {
        "known_affected": [
          "T048277"
        ]
      },
      "release_date": "2026-03-24T23:00:00.000+00:00",
      "title": "CVE-2025-14808"
    },
    {
      "cve": "CVE-2025-14810",
      "product_status": {
        "known_affected": [
          "T048277"
        ]
      },
      "release_date": "2026-03-24T23:00:00.000+00:00",
      "title": "CVE-2025-14810"
    },
    {
      "cve": "CVE-2025-14912",
      "product_status": {
        "known_affected": [
          "T048277"
        ]
      },
      "release_date": "2026-03-24T23:00:00.000+00:00",
      "title": "CVE-2025-14912"
    },
    {
      "cve": "CVE-2025-14974",
      "product_status": {
        "known_affected": [
          "T048277"
        ]
      },
      "release_date": "2026-03-24T23:00:00.000+00:00",
      "title": "CVE-2025-14974"
    },
    {
      "cve": "CVE-2025-36258",
      "product_status": {
        "known_affected": [
          "T048277"
        ]
      },
      "release_date": "2026-03-24T23:00:00.000+00:00",
      "title": "CVE-2025-36258"
    },
    {
      "cve": "CVE-2025-36422",
      "product_status": {
        "known_affected": [
          "T048277"
        ]
      },
      "release_date": "2026-03-24T23:00:00.000+00:00",
      "title": "CVE-2025-36422"
    },
    {
      "cve": "CVE-2026-1014",
      "product_status": {
        "known_affected": [
          "T048277"
        ]
      },
      "release_date": "2026-03-24T23:00:00.000+00:00",
      "title": "CVE-2026-1014"
    },
    {
      "cve": "CVE-2026-1015",
      "product_status": {
        "known_affected": [
          "T048277"
        ]
      },
      "release_date": "2026-03-24T23:00:00.000+00:00",
      "title": "CVE-2026-1015"
    },
    {
      "cve": "CVE-2026-1262",
      "product_status": {
        "known_affected": [
          "T048277"
        ]
      },
      "release_date": "2026-03-24T23:00:00.000+00:00",
      "title": "CVE-2026-1262"
    },
    {
      "cve": "CVE-2026-24400",
      "product_status": {
        "known_affected": [
          "T048277"
        ]
      },
      "release_date": "2026-03-24T23:00:00.000+00:00",
      "title": "CVE-2026-24400"
    },
    {
      "cve": "CVE-2026-2483",
      "product_status": {
        "known_affected": [
          "T048277"
        ]
      },
      "release_date": "2026-03-24T23:00:00.000+00:00",
      "title": "CVE-2026-2483"
    },
    {
      "cve": "CVE-2026-2484",
      "product_status": {
        "known_affected": [
          "T048277"
        ]
      },
      "release_date": "2026-03-24T23:00:00.000+00:00",
      "title": "CVE-2026-2484"
    },
    {
      "cve": "CVE-2026-2485",
      "product_status": {
        "known_affected": [
          "T048277"
        ]
      },
      "release_date": "2026-03-24T23:00:00.000+00:00",
      "title": "CVE-2026-2485"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-2484 (GCVE-0-2026-2484)

CNVD-2026-16131

FKIE_CVE-2026-2484

GHSA-GJ7G-W5GQ-HW2H

WID-SEC-W-2026-0851

Tags

Sightings

Nomenclature