CVE-2025-14807 · PATCHED · CVSS 6.5
ibm · infosphere_information_server

Description

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.

Affected Products

Vendor | Product | Versions
ibm | infosphere_information_server | <= 11.7.1.6

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor | Product | Source | Confidence
ibm | infosphere information | cert_advisory | 90%

References

  • https://www.ibm.com/support/pages/node/7267526 (Vendor Advisory)

Related News (1 article)

Tier B
BSI Advisories · 6d ago
[NEW] [medium] IBM InfoSphere Information Server: Vulnerability allows bypassing of security measures
→ No new info (linked only)

CVSS 3.1: 6.5 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CISA KEV: ❌ No
Actively exploited: ❌ No
Patch available: 11.7.1.6
CWE: CWE-644
Published: Mar 25, 2026
Last enriched: 5d ago
Trending Score: 10
Source articles: 1
Independent: 1
Info Completeness: 8/14
Missing: epss, kev, exploit, patch, iocs, mitre_attack

Related CVEs (5)

HIGH · PRE-CVE
Multiple Vulnerabilities in IBM Security Verify Access Allowing Privilege Escalation, Code Execution, and Data Exposure
Trending: 27

HIGH · CVE-2025-13855
IBM Storage Protect Server is affected by a vulnerability that could allow authenticated users to access administrative metadata through the JSON-RPC endpoint.
Trending: 26

NONE · CVE-2026-29063
Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1.5, Prototype Pollution is possible in immutable via the mergeDeep(), mergeDeepWith(), merge(),
Trending: 18

HIGH · CVE-2025-36258
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 product stores user credentials and other sensitive information in plain text which can be read by a local user.
Trending: 13

MEDIUM · CVE-2025-13490
IBM App Connect Operator versions CD 11.3.0 through 11.6.0 and 12.1.0 through 12.20.0, LTS versions 12.0.0 through 12.0.20, and IBM App Connect Enterprise Certified Containers Operands versions CD 12.
Trending: 1

Verification

State: verified
Confidence: 100%

Vulnerability Timeline

CVE Published: Mar 25, 2026
Patch Available: Mar 26, 2026
Discovered by ZDM: Mar 26, 2026