CVE-2026-1015
Server-Side Request Forgery in IBM InfoSphere Info Server
Publication date: 2026-03-25
Last updated on: 2026-03-26
Assigner: IBM Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | infosphere_information_server | From 11.7.0.0 (inc) to 11.7.1.6 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-918 | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-1015 is a server-side request forgery (SSRF) vulnerability affecting IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6.
This vulnerability allows an authenticated attacker to send unauthorized requests from the server itself. Essentially, the attacker can make the server perform network requests on their behalf, which the attacker would not normally be able to initiate directly.
The vulnerability is classified under CWE-918 and has a CVSS v3.1 base score of 5.4, indicating a moderate severity with low attack complexity and requiring low privileges.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing an authenticated attacker to send unauthorized requests from your IBM InfoSphere Information Server.
Such unauthorized requests can lead to network enumeration, where the attacker gathers information about your internal network that is not normally accessible.
Additionally, it may facilitate other attacks by using the server as a proxy, potentially bypassing network restrictions or accessing internal resources.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
There are no specific detection commands or methods provided for identifying this vulnerability on your network or system.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should apply the fixes provided in APAR DT458522.
Upgrade IBM InfoSphere Information Server to version 11.7.1.0, 11.7.1.6, or apply the 11.7.1.6 Service Pack 2.
Currently, no workarounds or alternative mitigations are available.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how the CVE-2026-1015 vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.