IBM InfoSphere Information Server is vulnerable to HTTP header injection

6.5 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Description

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.

Basic Information

ID CVE-2025-14807

Source ibm

Published Mar 25, 2026 at 20:46

Modified Mar 26, 2026 at 15:24

Affected Product

Vendor IBM

Product InfoSphere Information Server

Version 11.7.0.0

Affected Versions IBM InfoSphere Information Server 11.7.0.0

CWE Classification

CWE-644

References

www.ibm.com /support/pages/node/7267526

{
    "lastseen": "",
    "description": "IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST\u00a0headers. This could allow an attacker to conduct various attacks against the vulnerable system,\u00a0including cross-site scripting, cache poisoning or session hijacking.",
    "published": "2026-03-25T20:46:59.027Z",
    "modified": "2026-03-26T15:24:10.539Z",
    "type": "cve",
    "title": "IBM InfoSphere Information Server is vulnerable to HTTP header injection",
    "source": "ibm",
    "references": "https://www.ibm.com/support/pages/node/7267526",
    "id": "CVE-2025-14807",
    "bulletinFamily": "",
    "cwe": [
        "CWE-644"
    ],
    "cvelist": null,
    "sourceData": "IBM InfoSphere Information Server 11.7.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "InfoSphere Information Server",
    "version": "11.7.0.0",
    "vendor": "IBM",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

IBM InfoSphere Information Server is vulnerable to HTTP header injection_CVE-2025-14807