{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-14810", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2025-12-16T22:58:57.497Z", "datePublished": "2026-03-25T20:11:21.295Z", "dateUpdated": "2026-03-26T17:51:17.562Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2026-03-25T20:11:21.295Z"}, "title": "IBM InfoSphere Information Server is vulnerable due to insufficient session expiration", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-613", "description": "CWE-613 Insufficient Session Expiration", "type": "CWE"}]}], "affected": [{"vendor": "IBM", "product": "InfoSphere Information Server", "versions": [{"status": "affected", "version": "11.7.0.0", "lessThanOrEqual": "11.7.1.6", "versionType": "semver"}], "cpes": ["cpe:2.3:a:ibm:infosphere_information_server:11.7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:infosphere_information_server:11.7.1.6:*:*:*:*:*:*:*"]}], "descriptions": [{"lang": "en", "value": "IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 does not invalidate a session after privileges have been modified which could allow an authenticated user to retain access to sensitive information. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CWE: CWE-613: Insufficient Session Expiration CVSS Source: IBM CVSS Base score: 6.3 CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 does not invalidate a session after privileges have been modified which could allow an authenticated user to retain access to sensitive information. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CWE: CWE-613: Insufficient Session Expiration CVSS Source: IBM CVSS Base score: 6.3 CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)</p>"}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7266696", "tags": ["vendor-advisory", "patch"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW", "baseSeverity": "MEDIUM", "baseScore": 6.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}}], "solutions": [{"lang": "en", "value": "ProductVersion(s)APARRemediationIBM InfoSphere Information Server11.7.0.0 to 11.7.1.6 DT458476 https://www.ibm.com/mysupport/s/defect/aCIgJ0000008Z73/dt458476 --Apply IBM InfoSphere Information Server version\u00a0 11.7.1.0 https://www.ibm.com/support/pages/node/878310 \u00a0\n--Apply IBM InfoSphere Information Server version\u00a0 11.7.1.6 https://www.ibm.com/support/pages/node/7182872 \n\n--Apply IBM InfoSphere Information Server\u00a0 11.7.1.6 Service pack 2 https://www.ibm.com/support/pages/node/7260779", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p><br></p><table><tbody><tr><td>Product</td><td>Version(s)</td><td>APAR</td><td>Remediation</td></tr><tr><td>IBM InfoSphere Information Server</td><td>11.7.0.0 to 11.7.1.6</td><td><a title=\" DT458476\" href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ0000008Z73/dt458476\" rel=\"nofollow\">DT458476</a></td><td>--Apply IBM InfoSphere Information Server version&nbsp;<a href=\"https://www.ibm.com/support/pages/node/878310\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">11.7.1.0</a>&nbsp;<br>--Apply IBM InfoSphere Information Server version&nbsp;<a href=\"https://www.ibm.com/support/pages/node/7182872\" rel=\"nofollow\">11.7.1.6</a><br><br>--Apply IBM InfoSphere Information Server&nbsp;<a href=\"https://www.ibm.com/support/pages/node/7260779\" rel=\"nofollow\">11.7.1.6 Service pack 2</a></td></tr></tbody></table>"}]}], "x_generator": {"engine": "ibm-cvegen"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-14810", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-26T17:40:19.149971Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T17:51:17.562Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-14810", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-26T17:40:19.149971Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T17:49:51.943Z"}}], "cna": {"title": "IBM InfoSphere Information Server is vulnerable due to insufficient session expiration", "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:ibm:infosphere_information_server:11.7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:infosphere_information_server:11.7.1.6:*:*:*:*:*:*:*"], "vendor": "IBM", "product": "InfoSphere Information Server", "versions": [{"status": "affected", "version": "11.7.0.0", "versionType": "semver", "lessThanOrEqual": "11.7.1.6"}]}], "solutions": [{"lang": "en", "value": "ProductVersion(s)APARRemediationIBM InfoSphere Information Server11.7.0.0 to 11.7.1.6 DT458476 https://www.ibm.com/mysupport/s/defect/aCIgJ0000008Z73/dt458476 --Apply IBM InfoSphere Information Server version\u00a0 11.7.1.0 https://www.ibm.com/support/pages/node/878310 \u00a0\n--Apply IBM InfoSphere Information Server version\u00a0 11.7.1.6 https://www.ibm.com/support/pages/node/7182872 \n\n--Apply IBM InfoSphere Information Server\u00a0 11.7.1.6 Service pack 2 https://www.ibm.com/support/pages/node/7260779", "supportingMedia": [{"type": "text/html", "value": "<p><br></p><table><tbody><tr><td>Product</td><td>Version(s)</td><td>APAR</td><td>Remediation</td></tr><tr><td>IBM InfoSphere Information Server</td><td>11.7.0.0 to 11.7.1.6</td><td><a title=\" DT458476\" href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ0000008Z73/dt458476\" rel=\"nofollow\">DT458476</a></td><td>--Apply IBM InfoSphere Information Server version&nbsp;<a href=\"https://www.ibm.com/support/pages/node/878310\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">11.7.1.0</a>&nbsp;<br>--Apply IBM InfoSphere Information Server version&nbsp;<a href=\"https://www.ibm.com/support/pages/node/7182872\" rel=\"nofollow\">11.7.1.6</a><br><br>--Apply IBM InfoSphere Information Server&nbsp;<a href=\"https://www.ibm.com/support/pages/node/7260779\" rel=\"nofollow\">11.7.1.6 Service pack 2</a></td></tr></tbody></table>", "base64": false}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7266696", "tags": ["vendor-advisory", "patch"]}], "x_generator": {"engine": "ibm-cvegen"}, "descriptions": [{"lang": "en", "value": "IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 does not invalidate a session after privileges have been modified which could allow an authenticated user to retain access to sensitive information. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CWE: CWE-613: Insufficient Session Expiration CVSS Source: IBM CVSS Base score: 6.3 CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)", "supportingMedia": [{"type": "text/html", "value": "<p>IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 does not invalidate a session after privileges have been modified which could allow an authenticated user to retain access to sensitive information. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CWE: CWE-613: Insufficient Session Expiration CVSS Source: IBM CVSS Base score: 6.3 CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-613", "description": "CWE-613 Insufficient Session Expiration"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2026-03-25T20:11:21.295Z"}}}, "cveMetadata": {"cveId": "CVE-2025-14810", "state": "PUBLISHED", "dateUpdated": "2026-03-26T17:51:17.562Z", "dateReserved": "2025-12-16T22:58:57.497Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2026-03-25T20:11:21.295Z", "assignerShortName": "ibm"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "65FBF88B-61F0-4D42-A290-453FDC874D7F", "versionEndIncluding": "11.7.1.6", "versionStartIncluding": "11.7.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false}, {"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 does not invalidate a session after privileges have been modified which could allow an authenticated user to retain access to sensitive information. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CWE: CWE-613: Insufficient Session Expiration CVSS Source: IBM CVSS Base score: 6.3 CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)"}, {"lang": "es", "value": "IBM InfoSphere Information Server 11.7.0.0 hasta 11.7.1.6 no invalida una sesi\u00f3n despu\u00e9s de que los privilegios han sido modificados, lo que podr\u00eda permitir a un usuario autenticado retener el acceso a informaci\u00f3n sensible. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CWE: CWE-613: Expiraci\u00f3n de Sesi\u00f3n Insuficiente Fuente CVSS: IBM Puntuaci\u00f3n base CVSS: 6.3 Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)"}], "id": "CVE-2025-14810", "lastModified": "2026-03-26T18:22:50.440", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "psirt@us.ibm.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-25T21:16:23.997", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7266696"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-613"}], "source": "psirt@us.ibm.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[11.7.0.0,11.7.1.6]"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "InfoSphere Information Server", "source": "cna", "vendor": "IBM"}, "product": "infosphere_information_server", "vendor": "ibm"}], "analysis": {"en": {"generated_at": "2026-03-25T21:50:55.635178+00:00", "value": {"mitigation_remediation": ["Install IBM InfoSphere Information Server 11.7.1.6 Service Pack 2 to fully remediate the session expiration issue.", "If Service Pack 2 is not available, apply the 11.7.1.6 update as a transitionary fix.", "Verify that sessions expire correctly after any privilege change in your environment.", "When upgrades cannot be performed immediately, enforce minimal privilege assumptions and monitor session activity for anomalies.", "Continuously review IBM advisories for additional patches or workarounds."], "summary": {"action": "Patch Immediately", "impact": "Extended Access to Sensitive Data"}, "threat_synthesis": {"affected_systems": "The affected product is IBM InfoSphere Information Server, specifically versions 11.7.0.0 through 11.7.1.6. IBM recommends applying the 11.7.1.0, 11.7.1.6, or the 11.7.1.6 Service Pack 2 updates to fully resolve the issue. These patches are available via IBM's support portal.", "description_and_impact": "IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6 do not invalidate user sessions when privileges are altered, allowing an authenticated user to continue accessing sensitive information even after a privilege change. The flaw is a session expiration weakness classified as CWE\u2011613, which could enable continued exposure of protected data.", "risk_and_exploitability": "The CVSS 3.1 base score of 6.3 indicates a moderate severity; the vector shows that the attacker must be authenticated and the attack can be launched over the network, with a low complexity requirement. Because the flaw allows a legitimate user to maintain privilege after a change, the risk to confidentiality can be significant if the user has access to sensitive data. The vulnerability is not listed in KEV and EPSS data is not available, but the potential impact and the ease of exploitation suggest that timely remediation is prudent."}}}}, "created": "2026-03-26T11:33:57.815165+00:00", "updated": "2026-03-26T12:09:39.455972+00:00", "vendors": ["ibm", "ibm$PRODUCT$infosphere_information_server"]}