{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2484", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2026-02-13T19:50:43.069Z", "datePublished": "2026-03-25T20:36:11.556Z", "dateUpdated": "2026-03-25T20:42:15.963Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2026-03-25T20:42:15.963Z"}, "title": "IBM InfoSphere Information Server Information Disclosure", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-209", "description": "CWE-209 Generation of error message containing sensitive information", "type": "CWE"}]}], "affected": [{"vendor": "IBM", "product": "InfoSphere Information Server", "versions": [{"status": "affected", "version": "11.7.0.0", "lessThanOrEqual": "11.7.1.6", "versionType": "semver"}], "cpes": ["cpe:2.3:a:ibm:infosphere_information_server:11.7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:infosphere_information_server:11.7.1.6:*:*:*:*:*:*:*"]}], "descriptions": [{"lang": "en", "value": "IBM InfoSphere Information Server\u00a011.7.0.0 through\u00a011.7.1.6\u00a0is affected by an information exposure vulnerability caused by overly verbose error messages", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p><span>IBM InfoSphere Information Server&nbsp;</span><span>11.7.0.0 through&nbsp;11.7.1.6</span><span>&nbsp;</span><span>is affected by an information exposure vulnerability caused by overly verbose error messages</span></p>"}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7266767", "tags": ["vendor-advisory", "patch"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}}], "solutions": [{"lang": "en", "value": "ProductVersion(s)APARRemediationIBM InfoSphere Information Server11.7.0.0 to 11.7.1.6 DT462239 https://www.ibm.com/mysupport/s/defect/aCIgJ000000AAUL/dt462239 --Apply IBM InfoSphere Information Server version\u00a0 11.7.1.0 https://www.ibm.com/support/pages/node/878310 \u00a0\n--Apply IBM InfoSphere Information Server version\u00a0 11.7.1.6 https://www.ibm.com/support/pages/node/7182872 \n\n--Apply IBM InfoSphere Information Server\u00a0 11.7.1.6 Service pack 2 https://www.ibm.com/support/pages/node/7260779", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<table><tbody><tr><td>Product</td><td>Version(s)</td><td>APAR</td><td>Remediation</td></tr><tr><td>IBM InfoSphere Information Server</td><td>11.7.0.0 to 11.7.1.6</td><td><a title=\"DT462239\" href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ000000AAUL/dt462239\" rel=\"nofollow\">DT462239</a></td><td>--Apply IBM InfoSphere Information Server version&nbsp;<a href=\"https://www.ibm.com/support/pages/node/878310\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">11.7.1.0</a>&nbsp;<br>--Apply IBM InfoSphere Information Server version&nbsp;<a href=\"https://www.ibm.com/support/pages/node/7182872\" rel=\"nofollow\">11.7.1.6</a><br><br>--Apply IBM InfoSphere Information Server&nbsp;<a href=\"https://www.ibm.com/support/pages/node/7260779\" rel=\"nofollow\">11.7.1.6 Service pack 2</a></td></tr></tbody></table>"}]}], "x_generator": {"engine": "ibm-cvegen"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "IBM InfoSphere Information Server\u00a011.7.0.0 through\u00a011.7.1.6\u00a0is affected by an information exposure vulnerability caused by overly verbose error messages"}], "id": "CVE-2026-2484", "lastModified": "2026-03-25T21:16:41.100", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Primary"}]}, "published": "2026-03-25T21:16:41.100", "references": [{"source": "psirt@us.ibm.com", "url": "https://www.ibm.com/support/pages/node/7266767"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-209"}], "source": "psirt@us.ibm.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-03-25T21:22:55.774346+00:00", "value": {"mitigation_remediation": ["Apply IBM\u202fInfoSphere\u202fInformation\u202fServer version\u202f11.7.1.6 security fix (link).", "Apply service pack 2 update for 11.7.1.6 (link).", "Verify that the web UI component has been updated; test for outbound requests to confirm the XSS patch.", "If a patch cannot be applied immediately, monitor user agents attempting malicious script injection and restrict access to the web UI from untrusted internal networks."], "summary": {"action": "Patch", "impact": "Cross-site scripting may lead to credential disclosure"}, "threat_synthesis": {"affected_systems": "The affected product is IBM\u202fInfoSphere\u202fInformation\u202fServer. Vulnerable releases begin with version\u202f11.7.0.0 and continue through 11.7.1.6, including the 11.7.1.6 service pack 2 build. Systems running these versions should be reviewed for the presence of the web UI component.", "description_and_impact": "IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6 contain a client-side cross\u2011site scripting vulnerability. An attacker can inject arbitrary JavaScript into the web UI, which the browser will execute in the context of an authenticated session. This flaw allows the attacker to modify page behavior or capture information such as session cookies or user credentials. The weakness aligns with the common web vulnerability category CWE\u201179.", "risk_and_exploitability": "The CVSS base score of 5.4 indicates a moderate severity; the vulnerability is exploitable when the web UI is reachable to a malicious actor. No EPSS score is available, and the flaw is not present in the CISA KEV list, suggesting limited known exploitation. The likely attack vector is via a remote web request to the vulnerable UI; exposure requires the attacker to write or embed malicious script through an input field or similar interface that is not properly sanitized."}}}}, "created": "2026-03-25T21:46:03.732568+00:00", "updated": "2026-03-25T21:46:03.732591+00:00", "vendors": []}