IBM InfoSphere Information Server SSRF Vulnerability

MEDIUM (4.6) No Patch (6 days)

Threat Intelligence

Low Risk
EPSS Score: 0.03% chance of exploitation (percentile: 9%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

What is it?

IBM InfoSphere Information Server is a data integration and management tool used by organizations to manage and process large amounts of data. This vulnerability allows an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

Am I affected?

Affected versions: 11.7.1.6

If you don't recognise this software, you're probably not affected.

Affected Products

IBM / InfoSphere Information Server

How to fix

- Apply IBM InfoSphere Information Server version 11.7.1.0 or later: APAR DT454748
- Alternatively, apply IBM InfoSphere Information Server version 11.7.1.6 with Service Pack 1: APAR DT454748
- Immediate mitigations:
  - Restrict network access to your a+HRD instance (firewall it from the public internet)
  - Audit admin account activity for suspicious access patterns
  - Monitor for unauthorized token creation

References