CVE-2026-1015
Received Received - Intake
Server-Side Request Forgery in IBM InfoSphere Info Server

Publication date: 2026-03-25

Last updated on: 2026-03-26

Assigner: IBM Corporation

Description
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-25
Last Modified
2026-03-26
Generated
2026-06-16
AI Q&A
2026-03-26
EPSS Evaluated
2026-06-14
NVD
CVE-2026-1015
EUVD
EUVD-2026-15978
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
ibm infosphere_information_server From 11.7.0.0 (inc) to 11.7.1.6 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-918 The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify how the CVE-2026-1015 vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-1015 is a server-side request forgery (SSRF) vulnerability affecting IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6.

This vulnerability allows an authenticated attacker to send unauthorized requests from the server itself. Essentially, the attacker can make the server perform network requests on their behalf, which the attacker would not normally be able to initiate directly.

The vulnerability is classified under CWE-918 and has a CVSS v3.1 base score of 5.4, indicating a moderate severity with low attack complexity and requiring low privileges.

Impact Analysis

This vulnerability can impact you by allowing an authenticated attacker to send unauthorized requests from your IBM InfoSphere Information Server.

Such unauthorized requests can lead to network enumeration, where the attacker gathers information about your internal network that is not normally accessible.

Additionally, it may facilitate other attacks by using the server as a proxy, potentially bypassing network restrictions or accessing internal resources.

Detection Guidance

There are no specific detection commands or methods provided for identifying this vulnerability on your network or system.

Mitigation Strategies

To mitigate this vulnerability, you should apply the fixes provided in APAR DT458522.

Upgrade IBM InfoSphere Information Server to version 11.7.1.0, 11.7.1.6, or apply the 11.7.1.6 Service Pack 2.

Currently, no workarounds or alternative mitigations are available.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-1015. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart