24 matches found

IBM Security Bulletins
added 3 days ago, 9 views

Security Bulletin: IBM InfoSphere Optim Archive Viewer is affected by a vulnerability in lxml (CVE-2026-41066)

Summary: A vulnerability in the lxml XML processing library (CVE-2026-41066) used by IBM InfoSphere Optim Archive Viewer has been addressed by upgrading the component to version 6.1.0. Vulnerability Details: CVEID: CVE-2026-41066. DESCRIPTION: lxml is a library for processing XML and HTML in the Python...

CVSS 7.5, AI score 5.7, EPSS 0.00044
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 3 days ago, 9 views

Security Bulletin: IBM InfoSphere Optim Archive Viewer is affected by a vulnerability in uuid (CVE-2026-41907)

Summary: A vulnerability in the uuid generation utility library (CVE-2026-41907) used by IBM InfoSphere Optim Archive Viewer has been addressed by upgrading the component to version 9.0.1. Vulnerability Details: CVEID: CVE-2026-41907. DESCRIPTION: uuid is for the creation of RFC9562 (formerly RFC4122)...

CVSS 9.3, AI score 5.7, EPSS 0.00014
Exploits: 1, Affected Software: 1

NVD
added 2026/03/25 9:16 p.m., 1 view

CVE-2026-2485

IBM Infosphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...

CVSS 4.8, EPSS 0.00034
Exploits: 0, References: 1

Cvelist
added 2026/03/25 8:41 p.m., 21 views

CVE-2026-1015 IBM InfoSphere Information Server is vulnerable to server-side request forgery

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

CVSS 5.4, EPSS 0.00012
Exploits: 0, References: 1

CVE
added 2026/03/25 8:40 p.m., 5 views

CVE-2026-1014

IBM InfoSphere Information Server is vulnerable to exposure of sensitive information via JSON server response manipulation (CVE-2026-1014). Affects InfoSphere Information Server 11.7.0.0 to 11.7.1.6. Root cause: cleartext transmission of sensitive information (CWE-319) via JSON responses. CVSS Ba...

CVSS 6.5, AI score 5.8, EPSS 0.00011
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2026/03/25 8:40 p.m., 23 views

CVE-2026-1014 IBM InfoSphere Information Server is vulnerable due to disclosure of sensitive information

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to exposure of sensitive information via JSON server response manipulation...

CVSS 6.5, EPSS 0.00011
Exploits: 0, References: 1

CVE
added 2026/03/25 8:25 p.m., 6 views

CVE-2025-36258

CVE-2025-36258 affects IBM InfoSphere Information Server; vulnerability arises from plaintext storage of credentials/readable sensitive data by a local user (CWE-256). Affected versions: 11.7.0.0–11.7.1.6. Remediation: upgrade to 11.7.1.0 or 11.7.1.6, or 11.7.1.6 SP2. Workarounds include changing...

CVSS 7.1, AI score 5.8, EPSS 0.00006
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2026/03/25 8:19 p.m., 0 views

CVE-2026-1262 IBM InfoSphere Information Server Information Disclosure

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability...

CVSS 4.3, AI score 5.8, EPSS 0.00039
Exploits: 0, References: 1

Cvelist
added 2026/03/25 8:13 p.m., 19 views

CVE-2025-14912 IBM InfoSphere Information Server is vulnerable to server-side request forgery

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

CVSS 5.4, EPSS 0.00036
Exploits: 0, References: 1

Cvelist
added 2026/03/25 8:11 p.m., 17 views

CVE-2025-14810 IBM InfoSphere Information Server is vulnerable due to insufficient session expiration

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 does not invalidate a session after privileges have been modified which could allow an authenticated user to retain access to sensitive information. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CWE: CWE-613: Insufficient Session Expirati...

CVSS 6.3, EPSS 0.00038
Exploits: 0, References: 1

CVE
added 2026/03/25 8:09 p.m., 1 view

CVE-2025-14808

IBM Security Bulletin confirms CVE-2025-14808 in IBM InfoSphere Information Server, describing a sensitive information disclosure via the query string of HTTP GET requests. Affected versions: InfoSphere Information Server 11.7.0.0–11.7.1.6. Root cause: exposure of sensitive data in a GET request;...

CVSS 3.1, AI score 5.8, EPSS 0.00039
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2026/03/25 8:06 p.m., 19 views

CVE-2025-14790 IBM InfoSphere Information Server is vulnerable to disclosure of sensitive information

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensitive information due to insufficiently protected credentials...

CVSS 6.5, EPSS 0.0004
Exploits: 0, References: 1

IBM Security Bulletins
added 2026/03/25 5:41 p.m., 3 views

Security Bulletin: IBM InfoSphere Information Server is vulnerable to HTTP header injection (CVE-2025-14807)

Summary: An HTTP header injection vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details: CVEID: CVE-2025-14807. DESCRIPTION: IBM InfoSphere Information Server is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This coul...

CVSS 6.5, AI score 5.7, EPSS 0.00052
Exploits: 0, Affected Software: 1

Positive Technologies
added 2026/03/25 12:00 a.m., 1 view

PT-2026-28111

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

CVSS 5.4, AI score 5.8, EPSS 0.00036
Exploits: 0, References: 2

Positive Technologies
added 2026/03/25 12:00 a.m., 1 view

PT-2026-28094

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensitive information due to insufficiently protected credentials...

CVSS 6.5, AI score 5.8, EPSS 0.0004
Exploits: 0, References: 2

IBM Security Bulletins
added 2026/03/24 9:04 p.m., 2 views

Security Bulletin: IBM InfoSphere Information Server is vulnerable to cross-site scripting (CVE-2026-2483)

Summary: A cross-site scripting vulnerability was addressed in IBM InfoSphere Information Server. Vulnerability Details: CVEID: CVE-2026-2483. DESCRIPTION: InfoSphere Information Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the We...

CVSS 5.4, AI score 5.4, EPSS 0.00012
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/03/24 6:02 p.m., 2 views

Security Bulletin: IBM InfoSphere Information Server is vulnerable due to insufficient session expiration (CVE-2025-14810)

Summary: A vulnerability due to insufficient session expiration in IBM InfoSphere Information Server was addressed. Vulnerability Details: CVEID: CVE-2025-14810. DESCRIPTION: InfoSphere Information Server does not invalidate a session after privileges have been modified which could allow an...

CVSS 6.5, AI score 5.8, EPSS 0.00038
Exploits: 0, Affected Software: 1

CNNVD
added 2026/03/03 12:00 a.m., 1 view

IBM InfoSphere Information Server code issue vulnerability

IBM InfoSphere Information Server is a data integration platform developed by the American multinational company International Business Machines (IBM). This platform can be used to integrate data from various sources. Versions of IBM InfoSphere Information Server ranging from 11.7.0.0 to 11.7.1.6...

CVSS 7.5, AI score 5.8, EPSS 0.00014
Exploits: 0, References: 1

IBM Security Bulletins
added 2025/11/03 6:04 p.m., 3 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Netty codec (CVE-2025-58057)

Summary: A vulnerability in Netty codec that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details: CVEID: CVE-2025-58057. DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol serve...

CVSS 7.5, AI score 6.2, EPSS 0.00063
Exploits: 1, Affected Software: 1

Positive Technologies
added 2025/11/03 12:00 a.m., 2 views

PT-2025-44790

Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6. Description: IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6 are susceptible to an XML external entity injection (XXE) attack when processing XML data. A...

CVSS 9.1, AI score 6.8, EPSS 0.00108
Exploits: 0, References: 3