CVE-2025-14790
Credential Exposure in IBM InfoSphere Information Server 11.7.x
Publication date: 2026-03-25
Last updated on: 2026-03-30
Assigner: IBM Corporation
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | infosphere_information_server | From 11.7.0.0 (inc) to 11.7.1.6 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-522 | The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability, identified as CVE-2025-14790, affects IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6. It arises from insufficiently protected credentials (CWE-522): the product transmits or stores authentication credentials using a method that is susceptible to unauthorized interception or retrieval.
Because of this weakness, an attacker with low privileges and network access could potentially obtain sensitive information without requiring user interaction.
How can this vulnerability impact me?
The impact of this vulnerability is primarily the disclosure of sensitive information due to exposed credentials. An attacker exploiting this vulnerability could gain access to confidential data, which could lead to further security risks.
The CVSS score of 6.5 indicates a moderate severity, with a high confidentiality impact but no impact on integrity or availability.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
There are no specific detection methods or commands provided to identify this vulnerability on your network or system.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should apply the fixes provided via APAR DT458339.
Additionally, upgrade IBM InfoSphere Information Server to version 11.7.1.0, 11.7.1.6, or 11.7.1.6 Service Pack 2.
No workarounds or other mitigations are provided, so applying the official fixes and upgrades is essential.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability involves insufficiently protected credentials that could allow an attacker to obtain sensitive information, which may impact the confidentiality of data.
Organizations using the affected IBM InfoSphere Information Server versions should assess the impact of this vulnerability within their environments to determine potential compliance risks with standards such as GDPR or HIPAA, which require protection of sensitive information.
The provided information does not explicitly state how this vulnerability affects compliance with specific regulations.