{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1014", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2026-01-16T01:38:03.418Z", "datePublished": "2026-03-25T20:40:53.397Z", "dateUpdated": "2026-03-25T20:40:53.397Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2026-03-25T20:40:53.397Z"}, "title": "IBM InfoSphere Information Server is vulnerable due to disclosure of sensitive information", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-319", "description": "CWE-319 Cleartext Transmission of Sensitive Information", "type": "CWE"}]}], "affected": [{"vendor": "IBM", "product": "InfoSphere Information Server", "versions": [{"status": "affected", "version": "11.7.0.0", "lessThanOrEqual": "11.7.1.6", "versionType": "semver"}], "cpes": ["cpe:2.3:a:ibm:infosphere_information_server:11.7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:infosphere_information_server:11.7.1.6:*:*:*:*:*:*:*"]}], "descriptions": [{"lang": "en", "value": "IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to exposure of sensitive information via JSON server response manipulation.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to exposure of sensitive information via JSON server response manipulation.</p>"}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7266736", "tags": ["vendor-advisory", "patch"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}}], "solutions": [{"lang": "en", "value": "ProductVersion(s)APARRemediationIBM InfoSphere Information Server11.7.0.0 to 11.7.1.6 DT462312 https://www.ibm.com/mysupport/s/defect/aCIgJ000000ACMT/dt462312 --Apply IBM InfoSphere Information Server version\u00a0 11.7.1.0 https://www.ibm.com/support/pages/node/878310 \u00a0\n--Apply IBM InfoSphere Information Server version\u00a0 11.7.1.6 https://www.ibm.com/support/pages/node/7182872 \n\n--Apply IBM InfoSphere Information Server\u00a0 11.7.1.6 Service pack 2 https://www.ibm.com/support/pages/node/7260779", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<div><br><table><tbody><tr><td>Product</td><td>Version(s)</td><td>APAR</td><td>Remediation</td></tr><tr><td>IBM InfoSphere Information Server</td><td>11.7.0.0 to 11.7.1.6</td><td><a title=\"DT462312\" href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ000000ACMT/dt462312\" rel=\"nofollow\">DT462312</a></td><td>--Apply IBM InfoSphere Information Server version&nbsp;<a href=\"https://www.ibm.com/support/pages/node/878310\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">11.7.1.0</a>&nbsp;<br>--Apply IBM InfoSphere Information Server version&nbsp;<a href=\"https://www.ibm.com/support/pages/node/7182872\" rel=\"nofollow\">11.7.1.6</a><br><br>--Apply IBM InfoSphere Information Server&nbsp;<a href=\"https://www.ibm.com/support/pages/node/7260779\" rel=\"nofollow\">11.7.1.6 Service pack 2</a><br><br></td></tr></tbody></table></div><p><br></p>"}]}], "x_generator": {"engine": "ibm-cvegen"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to exposure of sensitive information via JSON server response manipulation."}], "id": "CVE-2026-1014", "lastModified": "2026-03-25T21:16:28.123", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Primary"}]}, "published": "2026-03-25T21:16:28.123", "references": [{"source": "psirt@us.ibm.com", "url": "https://www.ibm.com/support/pages/node/7266736"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-319"}], "source": "psirt@us.ibm.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-03-25T21:20:49.054562+00:00", "value": {"mitigation_remediation": ["Apply IBM InfoSphere Information Server 11.7.1.6 and associated service packs as recommended by IBM.", "Consider applying the 11.7.1.0 patch if upgrading to the latest release is not immediately feasible.", "Verify the application of patches by checking system logs and testing JSON responses for sensitive data exposure.", "Monitor network traffic and user activity for anomalous JSON requests and responses to detect potential exploitation attempts."], "summary": {"action": "Apply Patch", "impact": "Sensitive information disclosure"}, "threat_synthesis": {"affected_systems": "IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6 are affected. The advisory recommends upgrading to version 11.7.1.0, 11.7.1.6 or applying the corresponding Service Pack 2 for these releases.", "description_and_impact": "The vulnerability allows an attacker to manipulate the JSON server response, causing sensitive data to be exposed. This results in an information disclosure impact, compromising confidentiality of the data transmitted by the IBM InfoSphere Information Server. The weakness aligns with CWE-319, an inadequate protection of sensitive information.", "risk_and_exploitability": "The CVSS score of 6.5 indicates a moderate severity vulnerability, and while an EPSS score is not available, the lack of inclusion in CISA's KEV catalog suggests no documented exploitation attacks yet. Based on the description, it is inferred that the attack vector is network-based, likely requiring an authenticated session or at least the ability to send requests to the server\u2019s JSON endpoints. The vulnerability could be exploited by manipulating these responses to retrieve confidential data that should not be exposed to the requesting client."}}}}, "created": "2026-03-25T21:45:59.807036+00:00", "updated": "2026-03-25T21:45:59.807062+00:00", "vendors": []}