CVE-2026-29063
IBM · InfoSphere Information Server

Description

Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1.5, Prototype Pollution is possible in immutable via the mergeDeep(), mergeDeepWith(), merge(), Map.toJS(), and Map.toObject() APIs. This issue has been patched in versions 3.8.3, 4.3.7, and 5.1.5.

Affected Products

Vendor | Product | Versions
IBM | InfoSphere Information Server | 11.7.1.0, 11.7.1.6, 11.7.1.6 Service pack 2

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor | Product | Source | Confidence
ibm | websphere application | cert_advisory | 90%

References

  • https://github.com/immutable-js/immutable-js/releases/tag/v3.8.3
  • https://github.com/immutable-js/immutable-js/releases/tag/v4.3.8
  • https://github.com/immutable-js/immutable-js/releases/tag/v5.1.5
  • https://github.com/immutable-js/immutable-js/security/advisories/GHSA-wf6x-7x77-mvgw

Related News (3 articles)

Tier B · CERT-FR · 5d ago
Multiple vulnerabilities in IBM products (27 March 2026)
→ No new info (linked only)
Tier D · Heise Security · 6d ago
IBM InfoSphere Information Server stores passwords unencrypted
→ No new info (linked only)
Tier B · BSI Advisories · 6d ago
[UPDATE] [medium] IBM WebSphere Application Server Liberty: Multiple vulnerabilities
→ No new info (linked only)
CISA KEV: No
Actively exploited: No
CWE: CWE-1321
Published: Mar 6, 2026
Last enriched: 5d ago (v2)
Trending Score: 18
Source articles: 3
Independent: 3
Info Completeness: 7/14
Missing: cvss, epss, kev, exploit, patch, iocs, mitre_attack

Related CVEs (5)

HIGH · PRE-CVE
Multiple Vulnerabilities in IBM Security Verify Access Allowing Privilege Escalation, Code Execution, and Data Exposure
Trending: 27
HIGH · CVE-2025-13855
IBM Storage Protect Server is affected by a vulnerability that could allow authenticated users to access administrative metadata through the JSON-RPC endpoint.
Trending: 26
HIGH · CVE-2025-36258
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 product stores user credentials and other sensitive information in plain text which can be read by a local user.
Trending: 13
MEDIUM · CVE-2025-14807
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct
Trending: 10
MEDIUM · CVE-2025-13490
IBM App Connect Operator versions CD 11.3.0 through 11.6.0 and 12.1.0 through 12.20.0, LTS versions 12.0.0 through 12.0.20, and IBM App Connect Enterprise Certified Containers Operands versions CD 12.
Trending: 1

Verification

State: verified
Confidence: 100%

Vulnerability Timeline

CVE Published: Mar 6, 2026
Discovered by ZDM: Mar 26, 2026
Updated (vendor, product, affectedVersions): Mar 27, 2026

Version History

v2 · Tier D · 5d ago

Added vendor and product information, updated severity to HIGH, and included affected versions for IBM InfoSphere Information Server.

Updated: vendor, product, affectedVersions
via Heise Security
v1 · 5d ago

Initial creation