Primary

Context

IBM InfoSphere Information Server XML External Entity Injection Vulnerability

Vulnerability

Patched

A vulnerability allowing XML external entity injection (XXE) has been identified in IBM InfoSphere Information Server versions 11.7.0.0 prior to 11.7.1.6. This vulnerability arises when the application processes XML data, potentially allowing remote attackers to exploit it by exposing sensitive information or consuming memory resources.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive information or excessive memory consumption, potentially causing a denial of service.

Remediation

Users can upgrade to IBM InfoSphere Information Server versions 11.7.1.0, 11.7.1.5, or 11.7.1.6. Alternatively, apply the IBM InfoSphere Information Server security patch associated with APAR DT454196.

Added: Nov 3, 2025, 8:19 PM

Updated: Nov 3, 2025, 8:19 PM

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

5.0

exploitability

5.2

remediation

7.7

relevance

0.9

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

5.0

exploitability

5.2

remediation

7.7

relevance

0.9

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

IBM InfoSphere Information Server XML External Entity Injection Vulnerability

Vulnerability

Impact

Remediation

Affected Products

IBM InfoSphere Information Server

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating