IBM Infosphere Information Server


By the Year

In 2026 there have been 16 vulnerabilities in IBM Infosphere Information Server with an average score of 5.4 out of ten. Last year, in 2025, Infosphere Information Server had 20 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, the number of security vulnerabilities in Infosphere Information Server in 2026 could surpass last year's number. Last year, the average CVE base score was greater by 0.77.

Year Vulnerabilities Average Score
2026 16 5.44
2025 20 6.21
2024 26 5.51
2023 21 6.80
2022 21 6.90
2021 5 7.60
2020 10 5.56
2019 11 6.37
2018 4 0.00

It may take a day or so for new Infosphere Information Server vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent IBM Infosphere Information Server Security Vulnerabilities

IBM InfoSphere Information Server 11.7.x Host Header Injection
CVE-2025-14807 6.5 - Medium - March 25, 2026

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to HTTP header injection, caused by improper validation of the Host header. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.

Improper Neutralization of HTTP Headers for Scripting Syntax

IBM InfoSphere InfoServer 11.7.x SSRF via Outbound Requests
CVE-2026-1015 5.4 - Medium - March 25, 2026

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

SSRF

IBM InfoSphere IS 11.7 JSON Response Info Leakage
CVE-2026-1014 6.5 - Medium - March 25, 2026

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to exposure of sensitive information via JSON server response manipulation.

Cleartext Transmission of Sensitive Information

IBM InfoSphere InfoServer XSS via Web UI Before 11.7.1.6 (CVE-2026-2483)
CVE-2026-2483 5.4 - Medium - March 25, 2026

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.

XSS

IBM InfoSphere InfoServer 11.7.x Info Exposure via Verbose Errors
CVE-2026-2484 4.3 - Medium - March 25, 2026

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information exposure vulnerability caused by overly verbose error messages.

Generation of Error Message Containing Sensitive Information

CSRF in IBM InfoSphere DataStage Flow Designer v11.7.0.0-11.7.1.6
CVE-2025-36422 4.3 - Medium - March 25, 2026

IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

Session Riding

IBM InfoSphere IS 11.7.x Plain-Text Credential Storage Local Privilege Escalation
CVE-2025-36258 7.1 - High - March 25, 2026

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 stores user credentials and other sensitive information in plain text, which can be read by a local user.

Unprotected Storage of Credentials

Infosphere IS 11.7.x Web UI XSS (stored) - Arbitrary JS exec
CVE-2026-2485 4.8 - Medium - March 25, 2026

IBM Infosphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.

XSS

IDOR in IBM InfoSphere Information Server < 11.7.1.7
CVE-2025-14974 5.7 - Medium - March 25, 2026

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable due to Insecure Direct Object Reference (IDOR).

Insecure Direct Object Reference / IDOR

IBM InfoSphere Info Server 11.7 Info Disclosure (CVE-2026-1262)
CVE-2026-1262 4.3 - Medium - March 25, 2026

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability.

Generation of Error Message Containing Sensitive Information

SSRF in IBM InfoSphere Info Server 11.7.0.0-11.7.1.6
CVE-2025-14912 5.4 - Medium - March 25, 2026

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

SSRF

IBM InfoSphere Info Server 11.7.0.0-11.7.1.6: Session Expiration Lapse
CVE-2025-14810 6.3 - Medium - March 25, 2026

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 does not invalidate a session after privileges have been modified, which could allow an authenticated user to retain access to sensitive information.

CWE: CWE-613: Insufficient Session Expiration
CVSS Source: IBM
CVSS Base score: 6.3
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Insufficient Session Expiration

IBM InfoSphere IS v11.7.0.0-11.7.1.6 Info Leak via HTTP GET Query
CVE-2025-14808 3.1 - Low - March 25, 2026

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 passes sensitive information in the query string of an HTTP GET request when processing a request, which could allow an attacker to obtain that information using man-in-the-middle techniques.

Use of GET Request Method With Sensitive Query Strings

IBM InfoSphere Info Server 11.7.*: Unprotected credentials expose sensitive data
CVE-2025-14790 6.5 - Medium - March 25, 2026

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensitive information due to insufficiently protected credentials.

Insufficiently Protected Credentials

XXE in IBM InfoSphere Info Server 11.7.0.0-11.7.1.6 XML Parser
CVE-2026-1567 7.1 - High - March 03, 2026

An XML External Entity (XXE) vulnerability in IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow attackers to retrieve sensitive information from the server.

XXE

IBM InfoSphere Information Server 11.7.0.0-11.7.1.6 Log File Sensitive Data Leak
CVE-2026-1265 4.3 - Medium - March 03, 2026

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to writing sensitive information into a log file.

Insertion of Sensitive Information into Log File

IBM InfoSphere Information Server SSRF (pre-11.7.1.6)
CVE-2025-12832 4.6 - Medium - December 08, 2025

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

SSRF

IBM InfoSphere InfoSrv XXE Vulnerability in XML Parser v11.7.0.0-11.7.1.6
CVE-2025-12531 7.1 - High - November 03, 2025

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

XXE

IBM InfoSphere InfoServer 11.7.0.0-11.7.1.6 PrivEsc via Unnecessary Exec Privileges
CVE-2025-33003 7.8 - High - October 31, 2025

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow a non-root user to gain higher privileges/capabilities within the scope of a container due to execution with unnecessary privileges.

Execution with Unnecessary Privileges

IBM InfoSphere 11.7.0.0-11.7.1.6 Auth Cmd Execution via Input Validation
CVE-2025-36245 8.8 - High - September 29, 2025

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user-supplied input.

Shell injection

IBM InfoSphere DataStage Flow Designer 11.7 API Cleartext Disclosure
CVE-2025-36034 5.9 - Medium - June 26, 2025

IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses sensitive user information in API requests in clear text that could be intercepted using man-in-the-middle techniques.

Cleartext Transmission of Sensitive Information

IBM Infosphere IS 11.7 SQLi via Remote Inputs
CVE-2025-0966 7.6 - High - June 25, 2025

IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.

SQL Injection

DoS in IBM InfoSphere Server 11.7.0.0-11.7.1.6 Resource Validation
CVE-2025-3221 7.5 - High - June 21, 2025

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow a remote attacker to cause a denial of service due to insufficient validation of incoming request resources.

Allocation of Resources Without Limits or Throttling

IBM InfoSphere Info Server 11.7.x Authenticated User Can Delete Others' Comments
CVE-2025-3629 4.3 - Medium - June 21, 2025

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an authenticated user to delete another user's comments due to improper ownership management.

Improper Ownership Management

InfoSphere InfoSrv 11.7 Credential Storage in Cleartext Param File
CVE-2025-1499 6.5 - Medium - June 01, 2025

IBM InfoSphere Information Server 11.7 stores credential information for database authentication in a cleartext parameter file that could be viewed by an authenticated user.

Cleartext Storage of Sensitive Information

IBM InfoSphere InfoServer 11.7 Authenticated Directory Listing Disclosure
CVE-2025-1138 4.3 - Medium - May 15, 2025

IBM InfoSphere Information Server 11.7 could disclose sensitive information to an authenticated user that could aid in further attacks against the system through a directory listing.

Exposure of Information Through Directory Listing

IBM InfoSphere 11.7: Session Not Invalidated on Logout, Allows User Impersonation
CVE-2024-22351 6.3 - Medium - April 23, 2025

IBM InfoSphere Information Server 11.7 does not invalidate the session after logout, which could allow an authenticated user to impersonate another user on the system.

Insufficient Session Expiration

IBM InfoSphere Info Server 11.7 Auth User Can Leak Sensitive Info
CVE-2025-25045 4.3 - Medium - April 23, 2025

IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information when a detailed technical error message is returned in a request. This information could be used in further attacks against the system.

Generation of Error Message Containing Sensitive Information

IBM InfoSphere DataStage Flow Designer 11.7 URL Params Sensitive Data Exposure
CVE-2025-25046 3.7 - Low - April 23, 2025

IBM InfoSphere Information Server 11.7 DataStage Flow Designer transmits sensitive information via URL or query parameters that could be exposed to an unauthorized actor using man-in-the-middle techniques.

Cleartext Transmission of Sensitive Information

IBM InfoSphere Info Server 11.7 Remote Info Disclosure via Error Trace
CVE-2024-55895 5.3 - Medium - March 29, 2025

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.

Generation of Error Message Containing Sensitive Information

Authenticated Local Info Disclosure in IBM Infosphere 11.7
CVE-2024-43186 6.5 - Medium - March 29, 2025

IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that is stored locally under certain conditions.

Unprotected Storage of Credentials

InfoSphere InfoSrvr 11.7 Credential Disclosure in New Install
CVE-2024-7577 7.5 - High - March 29, 2025

IBM InfoSphere Information Server 11.7 could disclose sensitive user credentials from log files during new installation of the product.

Insertion of Sensitive Information into Log File

IBM InfoSphere Info Server 11.7 Auth. Username Leak via Response Mismatch
CVE-2024-51477 6.5 - Medium - March 29, 2025

IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive username information due to an observable response discrepancy.

Side Channel Attack

IBM InfoSphere IS 11.7 Local Privilege Escape via Permission Mis-Handling
CVE-2024-51459 7.8 - High - March 19, 2025

IBM InfoSphere Information Server 11.7 could allow a local user to execute privileged commands due to the improper handling of permissions.

Improper Handling of Insufficient Permissions or Privileges

InfoSphere InfoServer 11.7 Version Disclosure Remote Info Leak
CVE-2024-40706 4.3 - Medium - January 24, 2025

IBM InfoSphere Information Server 11.7 could allow a remote user to obtain sensitive version information that could aid in further attacks against the system.

Exposure of Sensitive System Information to an Unauthorized Control Sphere

IBM InfoSphere IS 11.7 Dir Traversal via URL /../
CVE-2024-52363 7.5 - High - January 17, 2025

IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

Directory traversal

IBM InfoSphere Information Server Clickjacking Vulnerability
CVE-2021-29827 5.2 - Medium - December 19, 2024

IBM InfoSphere Information Server 11.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.

Clickjacking

IBM InfoSphere Information Server GUI Improper Input Validation Vulnerability
CVE-2024-52901 6.5 - Medium - December 12, 2024

IBM InfoSphere Information Server 11.7 could allow an authenticated user to cause the GUI to not load or to stop working due to improper input validation.

Improper Validation of Specified Quantity in Input

IBM InfoSphere Information Server: Authenticated User Information Disclosure via Stack Trace
CVE-2024-51460 4.3 - Medium - December 11, 2024

IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system.

Generation of Error Message Containing Sensitive Information

IBM InfoSphere DataStage Flow Designer Information Disclosure Vulnerability
CVE-2023-23472 6.5 - Medium - December 11, 2024

IBM InfoSphere DataStage Flow Designer (InfoSphere Information Server 11.7) could allow an authenticated user to obtain sensitive information that could aid in further attacks against the system.

Exposure of Sensitive System Information to an Unauthorized Control Sphere

InfoSphere IS 11.7 Auth Header Leakage for Privileged Users
CVE-2024-40704 4.9 - Medium - August 15, 2024

IBM InfoSphere Information Server 11.7 could allow a privileged user to obtain sensitive information from authentication request headers. IBM X-Force ID: 298277.

Insufficiently Protected Credentials

InfoSphere Unrestricted File Upload Enables Disk Exhaustion
CVE-2024-40705 6.5 - Medium - August 15, 2024

IBM InfoSphere Information Server could allow an authenticated user to consume file space resources due to unrestricted file uploads. IBM X-Force ID: 298279.

Amplification

InfoSphere Info Serv 11.7: Browser Error Disclosure Enables Remote Info Leak
CVE-2024-39751 4.3 - Medium - August 06, 2024

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 297429

Generation of Error Message Containing Sensitive Information

IBM InfoSphere Info Server 11.7 SQL Injection Vulnerability
CVE-2024-40689 9.8 - Critical - July 26, 2024

IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database. IBM X-Force ID: 297719.

SQL Injection

InfoSphere InfoServer 11.7 Local Info Leak via Physical Access
CVE-2024-37533 4.6 - Medium - July 24, 2024

IBM InfoSphere Information Server 11.7 could disclose sensitive user information to another user with physical access to the machine. IBM X-Force ID: 294727.

Privacy violation

IBM InfoSphere Server 11.7 XSS in Web UI (CVE-2024-40690)
CVE-2024-40690 5.4 - Medium - July 12, 2024

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 297720.

XSS

IBM InfoSphere InfoServer 11.7 XSS in Web UI (arbitrary JS injection)
CVE-2024-28794 5.4 - Medium - June 30, 2024

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 286831.

XSS

InfoSphere Info Server 11.7 XSS in Web UI
CVE-2023-50964 5.4 - Medium - June 30, 2024

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 276102.

XSS

IBM InfoSphere Info Server 11.7 Stored XSS in Web UI
CVE-2024-28797 5.4 - Medium - June 30, 2024

IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 287136.

XSS

InfoSphere Info Server v11.7 Auth Bypass via IDOR
CVE-2024-31898 5.4 - Medium - June 30, 2024

IBM InfoSphere Information Server 11.7 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references. IBM X-Force ID: 288182.

Insecure Direct Object Reference / IDOR
