CVE-2026-1567
Awaiting Analysis Awaiting Analysis - Queue
XXE Vulnerability in IBM InfoSphere Server Risks Data Exposure

Publication date: 2026-03-03

Last updated on: 2026-03-05

Assigner: IBM Corporation

Description
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 An XML External Entity (XXE) vulnerability in IBM InfoSphere Information Server could allow attackers to retrieve sensitive information from the server.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-03
Last Modified
2026-03-05
Generated
2026-05-07
AI Q&A
2026-03-03
EPSS Evaluated
2026-05-05
NVD
CVE-2026-1567
EUVD
EUVD-2026-9318
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
ibm infosphere_information_server From 11.7 (inc) to 11.7.1.6 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-611 The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-1567 is an XML External Entity (XXE) injection vulnerability affecting IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6.

This vulnerability allows attackers with limited privileges to remotely exploit the system without any user interaction.

By exploiting this flaw, attackers can retrieve sensitive information from the server.


How can this vulnerability impact me? :

The vulnerability can lead to unauthorized disclosure of sensitive information from the affected IBM InfoSphere Information Server.

It has a CVSS v3.1 base score of 7.1, indicating a high impact on availability and a low attack complexity.

Attackers with limited privileges can remotely exploit this vulnerability without user interaction, potentially disrupting service availability.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

To mitigate the CVE-2026-1567 vulnerability in IBM InfoSphere Information Server, you should apply the updates to versions 11.7.1.0, 11.7.1.5, or 11.7.1.6, or apply the security patch identified by APAR DT461311.

No workarounds or alternative mitigations are provided, so applying the official patches or updates is the recommended immediate step.

Additionally, it is advised to assess the impact of this vulnerability in your environment and subscribe to IBM security notifications for future updates.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart