CVE-2025-14974

MEDIUM

IBM InfoSphere Information Server is vulnerable due to Insecure Direct Object Reference

Title source: cna
STIX 2.1

Description

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable due to Insecure Direct Object Reference (IDOR).

References (1)

Scores

CVSS v3 5.7
EPSS 0.0009
EPSS Percentile 25.1%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-639
Status published
Products (2)
IBM/InfoSphere Information Server 11.7.0.0 - 11.7.1.6
ibm/infosphere_information_server 11.7.0.0 - 11.7.1.6
Published Mar 25, 2026
Tracked Since Mar 26, 2026