{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-14790", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2025-12-16T15:16:46.735Z", "datePublished": "2026-03-25T20:06:18.538Z", "dateUpdated": "2026-03-26T15:37:32.940Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2026-03-25T20:07:28.193Z"}, "title": "IBM InfoSphere Information Server is vulnerable to disclosure of sensitive information", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-522", "description": "CWE-522 Insufficiently Protected Credentials", "type": "CWE"}]}], "affected": [{"vendor": "IBM", "product": "InfoSphere Information Server", "versions": [{"status": "affected", "version": "11.7.0.0", "lessThanOrEqual": "11.7.1.6", "versionType": "semver"}], "cpes": ["cpe:2.3:a:ibm:infosphere_information_server:11.7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:infosphere_information_server:11.7.1.6:*:*:*:*:*:*:*"]}], "descriptions": [{"lang": "en", "value": "IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensitive information due to insufficiently protected credentials.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensitive information due to insufficiently protected credentials.</p>"}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7266688", "tags": ["vendor-advisory", "patch"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}}], "solutions": [{"lang": "en", "value": "ProductVersion(s)APARRemediationIBM InfoSphere Information Server11.7.0.0 to 11.7.1.6 DT458339 https://www.ibm.com/mysupport/s/defect/aCIgJ0000008VbJ/dt458339 --Apply IBM InfoSphere Information Server version\u00a0 11.7.1.0 https://www.ibm.com/support/pages/node/878310 \u00a0\n--Apply IBM InfoSphere Information Server version\u00a0 11.7.1.6 https://www.ibm.com/support/pages/node/7182872 \n\n--Apply IBM InfoSphere Information Server\u00a0 11.7.1.6 Service pack 2 https://www.ibm.com/support/pages/node/7260779", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p><br></p><table><tbody><tr><td>Product</td><td>Version(s)</td><td>APAR</td><td>Remediation</td></tr><tr><td>IBM InfoSphere Information Server</td><td>11.7.0.0 to 11.7.1.6</td><td><a title=\"DT458339\" href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ0000008VbJ/dt458339\" rel=\"nofollow\">DT458339</a></td><td>--Apply IBM InfoSphere Information Server version&nbsp;<a href=\"https://www.ibm.com/support/pages/node/878310\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">11.7.1.0</a>&nbsp;<br>--Apply IBM InfoSphere Information Server version&nbsp;<a href=\"https://www.ibm.com/support/pages/node/7182872\" rel=\"nofollow\">11.7.1.6</a><br><br>--Apply IBM InfoSphere Information Server&nbsp;<a href=\"https://www.ibm.com/support/pages/node/7260779\" rel=\"nofollow\">11.7.1.6 Service pack 2</a><br><br></td></tr></tbody></table>"}]}], "x_generator": {"engine": "ibm-cvegen"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-26T15:37:26.848216Z", "id": "CVE-2025-14790", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T15:37:32.940Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-14790", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-26T15:37:26.848216Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T15:37:29.776Z"}}], "cna": {"title": "IBM InfoSphere Information Server is vulnerable to disclosure of sensitive information", "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:ibm:infosphere_information_server:11.7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:infosphere_information_server:11.7.1.6:*:*:*:*:*:*:*"], "vendor": "IBM", "product": "InfoSphere Information Server", "versions": [{"status": "affected", "version": "11.7.0.0", "versionType": "semver", "lessThanOrEqual": "11.7.1.6"}]}], "solutions": [{"lang": "en", "value": "ProductVersion(s)APARRemediationIBM InfoSphere Information Server11.7.0.0 to 11.7.1.6 DT458339 https://www.ibm.com/mysupport/s/defect/aCIgJ0000008VbJ/dt458339 --Apply IBM InfoSphere Information Server version\u00a0 11.7.1.0 https://www.ibm.com/support/pages/node/878310 \u00a0\n--Apply IBM InfoSphere Information Server version\u00a0 11.7.1.6 https://www.ibm.com/support/pages/node/7182872 \n\n--Apply IBM InfoSphere Information Server\u00a0 11.7.1.6 Service pack 2 https://www.ibm.com/support/pages/node/7260779", "supportingMedia": [{"type": "text/html", "value": "<p><br></p><table><tbody><tr><td>Product</td><td>Version(s)</td><td>APAR</td><td>Remediation</td></tr><tr><td>IBM InfoSphere Information Server</td><td>11.7.0.0 to 11.7.1.6</td><td><a title=\"DT458339\" href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ0000008VbJ/dt458339\" rel=\"nofollow\">DT458339</a></td><td>--Apply IBM InfoSphere Information Server version&nbsp;<a href=\"https://www.ibm.com/support/pages/node/878310\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">11.7.1.0</a>&nbsp;<br>--Apply IBM InfoSphere Information Server version&nbsp;<a href=\"https://www.ibm.com/support/pages/node/7182872\" rel=\"nofollow\">11.7.1.6</a><br><br>--Apply IBM InfoSphere Information Server&nbsp;<a href=\"https://www.ibm.com/support/pages/node/7260779\" rel=\"nofollow\">11.7.1.6 Service pack 2</a><br><br></td></tr></tbody></table>", "base64": false}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7266688", "tags": ["vendor-advisory", "patch"]}], "x_generator": {"engine": "ibm-cvegen"}, "descriptions": [{"lang": "en", "value": "IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensitive information due to insufficiently protected credentials.", "supportingMedia": [{"type": "text/html", "value": "<p>IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensitive information due to insufficiently protected credentials.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-522", "description": "CWE-522 Insufficiently Protected Credentials"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2026-03-25T20:07:28.193Z"}}}, "cveMetadata": {"cveId": "CVE-2025-14790", "state": "PUBLISHED", "dateUpdated": "2026-03-26T15:37:32.940Z", "dateReserved": "2025-12-16T15:16:46.735Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2026-03-25T20:06:18.538Z", "assignerShortName": "ibm"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "65FBF88B-61F0-4D42-A290-453FDC874D7F", "versionEndIncluding": "11.7.1.6", "versionStartIncluding": "11.7.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false}, {"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensitive information due to insufficiently protected credentials."}, {"lang": "es", "value": "IBM InfoSphere Information Server 11.7.0.0 hasta 11.7.1.6 podr\u00eda permitir a un atacante obtener informaci\u00f3n sensible debido a credenciales insuficientemente protegidas."}], "id": "CVE-2025-14790", "lastModified": "2026-03-30T16:59:59.367", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Primary"}]}, "published": "2026-03-25T20:16:22.267", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7266688"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-522"}], "source": "psirt@us.ibm.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[11.7.0.0,11.7.1.6]"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "InfoSphere Information Server", "source": "cna", "vendor": "IBM"}, "product": "infosphere_information_server", "vendor": "ibm"}], "analysis": {"en": {"generated_at": "2026-03-25T21:51:46.597032+00:00", "value": {"mitigation_remediation": ["Apply IBM InfoSphere Information Server 11.7.1.6 Service pack 2.", "Apply IBM InfoSphere Information Server 11.7.1.6.", "Apply IBM InfoSphere Information Server 11.7.1.0.", "Apply the remediation for versions 11.7.0.0 through 11.7.1.6 via the DT458339 advisory."], "summary": {"action": "Apply Patch", "impact": "Sensitive Information Disclosure"}, "threat_synthesis": {"affected_systems": "IBM InfoSphere Information Server product family, specifically releases 11.7.0.0 up to and including 11.7.1.6, are affected. Administrators managing these versions should assume the system is vulnerable until an official remediation is applied.", "description_and_impact": "The vulnerability resides in IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6, where credentials are not adequately protected. This weakness, identified as CWE\u2011522, allows an attacker who can obtain valid credentials to access sensitive information stored or transmitted by the system. The result is a breach of confidentiality, potentially exposing confidential data to unauthorized parties.", "risk_and_exploitability": "The CVSS base score of 6.5 indicates moderate severity. EPSS data is not available, and the vulnerability is not listed in the CISA KEV catalog, suggesting no confirmed exploits. The likely attack path is inferred from the description: an adversary would need to acquire valid credentials, which, if obtained, would allow them to read or export protected information. Without credential compromise, the exploitation risk remains limited."}}}}, "created": "2026-03-26T11:34:01.442075+00:00", "updated": "2026-03-26T12:09:42.103991+00:00", "vendors": ["ibm", "ibm$PRODUCT$infosphere_information_server"]}