anonhaven
Ad

CVE-2026-2485

MEDIUM CVSS 3.1: 4.8 EPSS 0.03%
Updated Mar 26, 2026
IBM
Parameter Value
CVSS 4.8 (MEDIUM)
Affected Versions 11.7.0.0 — 11.7.1.6
Type CWE-79 (Cross-Site Scripting (XSS))
Vendor IBM
Public PoC No

IBM Infosphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Privileges Required
High
Admin privileges needed
User Interaction
Required
User action required

Impact Assessment

Confidentiality
Low
Partial data leak
Integrity
Low
Partial data modification
Availability
None
No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-79 Cross-Site Scripting (XSS)

Vulnerable Products 4

Configuration From (including) Up to (excluding)
Ibm Infosphere_Information_Server
cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:*:*:*:*
 11.7.0.0 <= 11.7.1.6
Ibm Aix
cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*
Linux Linux_Kernel
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
Microsoft Windows
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

References 1

https://www.ibm.com/support/pages/node/7266765
psirt@us.ibm.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-2483

IBM

5.4

CVE-2026-1262

IBM

4.3

CVE-2026-1015

IBM

5.4

CVE-2026-1014

IBM

6.5

CVE-2025-64648

IBM

5.9