CVE-2025-14790
Received - Intake
Credential Exposure in IBM InfoSphere Information Server 11.7.x

Publication date: 2026-03-25

Last updated on: 2026-03-30

Assigner: IBM Corporation

Description
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensitive information due to insufficiently protected credentials.
Meta Information
Published: 2026-03-25
Last Modified: 2026-03-30
Generated: 2026-06-16
AI Q&A: 2026-03-26
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Vendor: ibm
Product: infosphere_information_server
Version / Range: From 11.7.0.0 (inc) to 11.7.1.6 (inc)
CWE ID: CWE-522
Description: The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
Executive Summary

This vulnerability, identified as CVE-2025-14790, affects IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6. It arises from insufficiently protected credentials (CWE-522): the product transmits or stores authentication credentials using a method that leaves them open to unauthorized interception or retrieval.

Because of this weakness, an attacker with low privileges and network access could potentially obtain sensitive information without requiring user interaction.

Impact Analysis

The impact of this vulnerability is primarily the disclosure of sensitive information due to exposed credentials. An attacker exploiting this vulnerability could gain access to confidential data, which could lead to further security risks.

The CVSS score of 6.5 indicates a moderate severity, with a high confidentiality impact but no impact on integrity or availability.

Detection Guidance

There are no specific detection methods or commands provided to identify this vulnerability on your network or system.

Mitigation Strategies

To mitigate this vulnerability, you should apply the fixes provided via APAR DT458339.

Additionally, upgrade IBM InfoSphere Information Server to version 11.7.1.0, 11.7.1.6, or 11.7.1.6 Service Pack 2.

No workarounds or other mitigations are provided, so applying the official fixes and upgrades is essential.

Compliance Impact

The vulnerability involves insufficiently protected credentials that could allow an attacker to obtain sensitive information, which may impact the confidentiality of data.

Organizations using the affected IBM InfoSphere Information Server versions should assess the impact of this vulnerability within their environments to determine potential compliance risks with standards such as GDPR or HIPAA, which require protection of sensitive information.

The provided information does not explicitly state how this vulnerability affects compliance with specific regulations.
