
59 matches found

IBM Security Bulletins
added 2026/05/31 4:48 p.m. | 13 views

Security Bulletin: IBM InfoSphere Optim Archive Viewer is affected by a vulnerability in lxml (CVE-2026-41066)

Summary: A vulnerability in the lxml XML processing library (CVE-2026-41066) used by IBM InfoSphere Optim Archive Viewer has been addressed by upgrading the component to version 6.1.0. Vulnerability Details: CVEID: CVE-2026-41066. DESCRIPTION: lxml is a library for processing XML and HTML in the Python...

CVSS 7.5 | AI score 5.7 | EPSS 0.0006
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2026/05/31 4:46 p.m. | 11 views

Security Bulletin: IBM InfoSphere Optim Archive Viewer is affected by a vulnerability in uuid (CVE-2026-41907)

Summary: A vulnerability in the uuid generation utility library (CVE-2026-41907) used by IBM InfoSphere Optim Archive Viewer has been addressed by upgrading the component to version 9.0.1. Vulnerability Details: CVEID: CVE-2026-41907. DESCRIPTION: uuid is for the creation of RFC9562 (formerly RFC4122)...

CVSS 9.3 | AI score 5.7 | EPSS 0.00019
Exploits: 1 | Affected Software: 1

RedhatCVE
added 2026/03/26 11:3 p.m. | 4 views

CVE-2026-1262

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability...

CVSS 4.3 | AI score 5.8 | EPSS 0.00039
Exploits: 0 | References: 1

EUVD
added 2026/03/25 9:30 p.m. | 3 views

EUVD-2025-209023

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 product stores user credentials and other sensitive information in plain text which can be read by a local user...

CVSS 7.1 | AI score 5.8 | EPSS 0.00006
Exploits: 0 | References: 2

NVD
added 2026/03/25 9:16 p.m. | 4 views

CVE-2026-2485

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a...

CVSS 4.8 | EPSS 0.00034
Exploits: 0 | References: 1

NVD
added 2026/03/25 9:16 p.m. | 6 views

CVE-2026-1015

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

CVSS 5.4 | EPSS 0.00012
Exploits: 0 | References: 1

NVD
added 2026/03/25 9:16 p.m. | 2 views

CVE-2026-1262

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability...

CVSS 4.3 | EPSS 0.00039
Exploits: 0 | References: 1

NVD
added 2026/03/25 9:16 p.m. | 3 views

CVE-2025-14974

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable due to Insecure Direct Object Reference (IDOR)...

CVSS 7.5 | EPSS 0.00089
Exploits: 0 | References: 1

NVD
added 2026/03/25 9:16 p.m. | 3 views

CVE-2025-14808

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the middle techniques...

CVSS 3.1 | EPSS 0.00039
Exploits: 0 | References: 1

NVD
added 2026/03/25 9:16 p.m. | 4 views

CVE-2025-14807

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or...

CVSS 6.5 | EPSS 0.00052
Exploits: 0 | References: 1

CVE
added 2026/03/25 8:41 p.m. | 7 views

CVE-2026-1015

Summary: CVE-2026-1015 affects IBM InfoSphere Information Server, with a server-side request forgery (SSRF) vulnerability. Affected versions: 11.7.0.0 to 11.7.1.6. Impact: potential for an authenticated attacker to send unauthorized requests from the system, enabling network enumeration or relate...

CVSS 5.4 | AI score 5.8 | EPSS 0.00012
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2026/03/25 8:41 p.m. | 23 views

CVE-2026-1015 IBM InfoSphere Information Server is vulnerable to server-side request forgery

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

CVSS 5.4 | EPSS 0.00012
Exploits: 0 | References: 1

CVE
added 2026/03/25 8:40 p.m. | 9 views

CVE-2026-1014

IBM InfoSphere Information Server is vulnerable to exposure of sensitive information via JSON server response manipulation (CVE-2026-1014). Affects InfoSphere Information Server 11.7.0.0 to 11.7.1.6. Root cause: cleartext transmission of sensitive information (CWE-319) via JSON responses. CVSS Ba...

CVSS 6.5 | AI score 5.8 | EPSS 0.00011
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2026/03/25 8:40 p.m. | 23 views

CVE-2026-1014 IBM InfoSphere Information Server is vulnerable due to disclosure of sensitive information

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to exposure of sensitive information via JSON server response manipulation...

CVSS 6.5 | EPSS 0.00011
Exploits: 0 | References: 1

Cvelist
added 2026/03/25 8:36 p.m. | 23 views

CVE-2026-2484 IBM InfoSphere Information Server Information Disclosure

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information exposure vulnerability caused by overly verbose error messages...

CVSS 4.3 | EPSS 0.00013
Exploits: 0 | References: 1

Vulnrichment
added 2026/03/25 8:25 p.m. | 3 views

CVE-2025-36258 IBM InfoSphere Information Server is vulnerable due to plaintext storage of a password

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 product stores user credentials and other sensitive information in plain text which can be read by a local user...

CVSS 7.1 | AI score 5.8 | EPSS 0.00006
Exploits: 0 | References: 1

CVE
added 2026/03/25 8:25 p.m. | 9 views

CVE-2025-36258

CVE-2025-36258 affects IBM InfoSphere Information Server; vulnerability arises from plaintext storage of credentials/readable sensitive data by a local user (CWE-256). Affected versions: 11.7.0.0–11.7.1.6. Remediation: upgrade to 11.7.1.0 or 11.7.1.6, or 11.7.1.6 SP2. Workarounds include changing...

CVSS 7.1 | AI score 5.8 | EPSS 0.00006
Exploits: 0 | References: 1 | Affected Software: 1

ATTACKERKB
added 2026/03/25 8:25 p.m. | 3 views

CVE-2025-36258

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 product stores user credentials and other sensitive information in plain text which can be read by a local user...

CVSS 7.1 | AI score 5.8 | EPSS 0.00006
Exploits: 0 | References: 2 | Affected Software: 1

ATTACKERKB
added 2026/03/25 8:20 p.m. | 6 views

CVE-2025-14974

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable due to Insecure Direct Object Reference (IDOR)...

CVSS 5.7 | AI score 5.8 | EPSS 0.00089
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2026/03/25 8:19 p.m. | 4 views

CVE-2026-1262

CVE-2026-1262 affects IBM InfoSphere Information Server (versions 11.7.0.0–11.7.1.6). The issue is an information-disclosure vulnerability (CWE-209) caused by generation of sensitive information in error messages. IBM lists affected versions and provides remediation paths: upgrade to 11.7.1.0 or ...

CVSS 4.3 | AI score 5.8 | EPSS 0.00039
Exploits: 0 | References: 1 | Affected Software: 1