CVE-2026-1567
Awaiting Analysis Awaiting Analysis - Queue

XXE Vulnerability in IBM InfoSphere Server Risks Data Exposure

Vulnerability report for CVE-2026-1567, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-03-03

Last updated on: 2026-03-05

Assigner: IBM Corporation

Description

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 An XML External Entity (XXE) vulnerability in IBM InfoSphere Information Server could allow attackers to retrieve sensitive information from the server.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-03-03
Last Modified
2026-03-05
Generated
2026-07-06
AI Q&A
2026-03-03
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
ibm infosphere_information_server From 11.7 (inc) to 11.7.1.6 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-611 The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-1567 is an XML External Entity (XXE) injection vulnerability affecting IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6.

This vulnerability allows attackers with limited privileges to remotely exploit the system without any user interaction.

By exploiting this flaw, attackers can retrieve sensitive information from the server.

Impact Analysis

The vulnerability can lead to unauthorized disclosure of sensitive information from the affected IBM InfoSphere Information Server.

It has a CVSS v3.1 base score of 7.1, indicating a high impact on availability and a low attack complexity.

Attackers with limited privileges can remotely exploit this vulnerability without user interaction, potentially disrupting service availability.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

To mitigate the CVE-2026-1567 vulnerability in IBM InfoSphere Information Server, you should apply the updates to versions 11.7.1.0, 11.7.1.5, or 11.7.1.6, or apply the security patch identified by APAR DT461311.

No workarounds or alternative mitigations are provided, so applying the official patches or updates is the recommended immediate step.

Additionally, it is advised to assess the impact of this vulnerability in your environment and subscribe to IBM security notifications for future updates.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-1567. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart