{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1014", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2026-01-16T01:38:03.418Z", "datePublished": "2026-03-25T20:40:53.397Z", "dateUpdated": "2026-03-26T17:51:16.775Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2026-03-25T20:40:53.397Z"}, "title": "IBM InfoSphere Information Server is vulnerable due to disclosure of sensitive information", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-319", "description": "CWE-319 Cleartext Transmission of Sensitive Information", "type": "CWE"}]}], "affected": [{"vendor": "IBM", "product": "InfoSphere Information Server", "versions": [{"status": "affected", "version": "11.7.0.0", "lessThanOrEqual": "11.7.1.6", "versionType": "semver"}], "cpes": ["cpe:2.3:a:ibm:infosphere_information_server:11.7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:infosphere_information_server:11.7.1.6:*:*:*:*:*:*:*"]}], "descriptions": [{"lang": "en", "value": "IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to exposure of sensitive information via JSON server response manipulation.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to exposure of sensitive information via JSON server response manipulation.</p>"}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7266736", "tags": ["vendor-advisory", "patch"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}}], "solutions": [{"lang": "en", "value": "ProductVersion(s)APARRemediationIBM InfoSphere Information Server11.7.0.0 to 11.7.1.6 DT462312 https://www.ibm.com/mysupport/s/defect/aCIgJ000000ACMT/dt462312 --Apply IBM InfoSphere Information Server version\u00a0 11.7.1.0 https://www.ibm.com/support/pages/node/878310 \u00a0\n--Apply IBM InfoSphere Information Server version\u00a0 11.7.1.6 https://www.ibm.com/support/pages/node/7182872 \n\n--Apply IBM InfoSphere Information Server\u00a0 11.7.1.6 Service pack 2 https://www.ibm.com/support/pages/node/7260779", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<div><br><table><tbody><tr><td>Product</td><td>Version(s)</td><td>APAR</td><td>Remediation</td></tr><tr><td>IBM InfoSphere Information Server</td><td>11.7.0.0 to 11.7.1.6</td><td><a title=\"DT462312\" href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ000000ACMT/dt462312\" rel=\"nofollow\">DT462312</a></td><td>--Apply IBM InfoSphere Information Server version&nbsp;<a href=\"https://www.ibm.com/support/pages/node/878310\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">11.7.1.0</a>&nbsp;<br>--Apply IBM InfoSphere Information Server version&nbsp;<a href=\"https://www.ibm.com/support/pages/node/7182872\" rel=\"nofollow\">11.7.1.6</a><br><br>--Apply IBM InfoSphere Information Server&nbsp;<a href=\"https://www.ibm.com/support/pages/node/7260779\" rel=\"nofollow\">11.7.1.6 Service pack 2</a><br><br></td></tr></tbody></table></div><p><br></p>"}]}], "x_generator": {"engine": "ibm-cvegen"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-1014", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-26T17:39:04.372862Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T17:51:16.775Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "IBM InfoSphere Information Server is vulnerable due to disclosure of sensitive information", "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:ibm:infosphere_information_server:11.7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:infosphere_information_server:11.7.1.6:*:*:*:*:*:*:*"], "vendor": "IBM", "product": "InfoSphere Information Server", "versions": [{"status": "affected", "version": "11.7.0.0", "versionType": "semver", "lessThanOrEqual": "11.7.1.6"}]}], "solutions": [{"lang": "en", "value": "ProductVersion(s)APARRemediationIBM InfoSphere Information Server11.7.0.0 to 11.7.1.6 DT462312 https://www.ibm.com/mysupport/s/defect/aCIgJ000000ACMT/dt462312 --Apply IBM InfoSphere Information Server version\u00a0 11.7.1.0 https://www.ibm.com/support/pages/node/878310 \u00a0\n--Apply IBM InfoSphere Information Server version\u00a0 11.7.1.6 https://www.ibm.com/support/pages/node/7182872 \n\n--Apply IBM InfoSphere Information Server\u00a0 11.7.1.6 Service pack 2 https://www.ibm.com/support/pages/node/7260779", "supportingMedia": [{"type": "text/html", "value": "<div><br><table><tbody><tr><td>Product</td><td>Version(s)</td><td>APAR</td><td>Remediation</td></tr><tr><td>IBM InfoSphere Information Server</td><td>11.7.0.0 to 11.7.1.6</td><td><a title=\"DT462312\" href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ000000ACMT/dt462312\" rel=\"nofollow\">DT462312</a></td><td>--Apply IBM InfoSphere Information Server version&nbsp;<a href=\"https://www.ibm.com/support/pages/node/878310\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">11.7.1.0</a>&nbsp;<br>--Apply IBM InfoSphere Information Server version&nbsp;<a href=\"https://www.ibm.com/support/pages/node/7182872\" rel=\"nofollow\">11.7.1.6</a><br><br>--Apply IBM InfoSphere Information Server&nbsp;<a href=\"https://www.ibm.com/support/pages/node/7260779\" rel=\"nofollow\">11.7.1.6 Service pack 2</a><br><br></td></tr></tbody></table></div><p><br></p>", "base64": false}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7266736", "tags": ["vendor-advisory", "patch"]}], "x_generator": {"engine": "ibm-cvegen"}, "descriptions": [{"lang": "en", "value": "IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to exposure of sensitive information via JSON server response manipulation.", "supportingMedia": [{"type": "text/html", "value": "<p>IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to exposure of sensitive information via JSON server response manipulation.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-319", "description": "CWE-319 Cleartext Transmission of Sensitive Information"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2026-03-25T20:40:53.397Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-1014", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-26T17:39:04.372862Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2026-03-26T17:49:09.242Z"}}]}, "cveMetadata": {"cveId": "CVE-2026-1014", "state": "PUBLISHED", "dateUpdated": "2026-03-25T20:40:53.397Z", "dateReserved": "2026-01-16T01:38:03.418Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2026-03-25T20:40:53.397Z", "assignerShortName": "ibm"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "65FBF88B-61F0-4D42-A290-453FDC874D7F", "versionEndIncluding": "11.7.1.6", "versionStartIncluding": "11.7.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false}, {"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to exposure of sensitive information via JSON server response manipulation."}, {"lang": "es", "value": "IBM InfoSphere Information Server 11.7.0.0 hasta 11.7.1.6 es vulnerable a la exposici\u00f3n de informaci\u00f3n sensible a trav\u00e9s de la manipulaci\u00f3n de la respuesta del servidor JSON."}], "id": "CVE-2026-1014", "lastModified": "2026-03-26T18:16:38.210", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Primary"}]}, "published": "2026-03-25T21:16:28.123", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7266736"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-319"}], "source": "psirt@us.ibm.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[11.7.0.0,11.7.1.6]"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "InfoSphere Information Server", "source": "cna", "vendor": "IBM"}, "product": "infosphere_information_server", "vendor": "ibm"}], "analysis": {"en": {"generated_at": "2026-03-26T19:51:41.126241+00:00", "value": {"mitigation_remediation": ["Apply APAR DT462312 for IBM InfoSphere Information Server 11.7.0.0 to 11.7.1.6 \u2013 https://www.ibm.com/mysupport/s/defect/aCIgJ000000ACMT/dt462312", "Apply IBM InfoSphere Information Server version 11.7.1.0 \u2013 https://www.ibm.com/support/pages/node/878310", "Apply IBM InfoSphere Information Server version 11.7.1.6 \u2013 https://www.ibm.com/support/pages/node/7182872", "Apply IBM InfoSphere Information Server 11.7.1.6 Service Pack 2 \u2013 https://www.ibm.com/support/pages/node/7260779"], "summary": {"action": "Apply Patch", "impact": "Exposure of sensitive information"}, "threat_synthesis": {"affected_systems": "IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6 on IBM AIX, Linux, or Windows are affected. The issue manifests when the server exposes JSON responses to external clients, regardless of the underlying operating system.", "description_and_impact": "The vulnerability involves manipulating JSON server responses from IBM InfoSphere Information Server, allowing unauthorized parties to receive data that should remain confidential. This results in a breach of confidentiality, exposing sensitive information processed by the server. The flaw is categorized under CWE\u2011319, indicating insecure transmission of information.", "risk_and_exploitability": "The CVSS score of 6.5 reflects moderate severity, and the EPSS score of less than 1% indicates a low likelihood of widespread exploitation. The vulnerability is not listed in the CISA KEV catalog. Attack requires remote network access to the server\u2019s JSON API; no privileged escalation is necessary, but an attacker who can craft requests may view sensitive data."}}}}, "created": "2026-03-25T21:45:59.807036+00:00", "updated": "2026-03-27T09:29:34.469588+00:00", "vendors": ["ibm", "ibm$PRODUCT$infosphere_information_server"]}