DNA View

CVE-2026-2483

Medium

Low Medium High Critical

5.4

CVSS Score

Published: Mar 25, 2026

Last Modified: Mar 26, 2026

CWE: CWE-79

Vulnerability Description

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session

CVSS Metrics

Common Vulnerability Scoring System

Vector String:

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Known Affected Software

4 configuration(s) from 1 vendor(s)

infosphere_information_server

Version:

11.7

CPE:

cpe:2.3:a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*

infosphere_information_server

Version:

11.7.0.1

CPE:

cpe:2.3:a:ibm:infosphere_information_server:11.7.0.1:*:*:*:*:*:*:*

infosphere_information_server

Version:

11.7.0.2

CPE:

cpe:2.3:a:ibm:infosphere_information_server:11.7.0.2:*:*:*:*:*:*:*

infosphere_information_server

Version:

11.7.1

CPE:

cpe:2.3:a:ibm:infosphere_information_server:11.7.1:*:*:*:*:*:*:*

This vulnerability affects 4 software configuration(s). Ensure you patch all affected systems.

References & Resources

https://www.ibm.com/support/pages/node/7266764
psirt@us.ibm.com Vendor Advisory

Severity Details

5.4

out of 10.0

Medium

Weakness Type (CWE)

CWE-79 Top 25 #1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Exploit Likelihood: High
Typical Severity: Medium
OWASP Top 10: A03:2021-Injection
Abstraction Level: Base