SB2026062914 - Multiple vulnerabilities in IBM InfoSphere Information Server

Published: June 29, 2026

Security Bulletin ID: SB2026062914
CSH Severity: High
Patch available: Yes
Number of vulnerabilities: 7
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity: High 29%, Medium 43%, Low 29%

Description

This security bulletin contains information about 7 vulnerabilities.


1) Improper validation of certificate with host mismatch (CVE-ID: CVE-2026-40971)

CWE-ID: CWE-297 - Improper Validation of Certificate with Host Mismatch

CVSSv4: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to disclose sensitive information, modify data, or cause a denial of service.

The vulnerability exists due to improper certificate validation in RabbitMQ auto-configuration when connecting to the RabbitMQ broker using an SSL bundle. A remote attacker can present a crafted certificate to disclose sensitive information, modify data, or cause a denial of service.


2) Improper validation of certificate with host mismatch (CVE-ID: CVE-2026-40974)

CWE-ID: CWE-297 - Improper Validation of Certificate with Host Mismatch

CVSSv4: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to compromise the confidentiality, integrity, and availability of data in transit.

The vulnerability exists due to improper certificate validation in Cassandra SSL auto-configuration when establishing an SSL connection to Cassandra. A remote attacker can intercept a connection on the local network to compromise the confidentiality, integrity, and availability of data in transit.


3) Improper access control (CVE-ID: CVE-2026-40973)

CWE-ID: CWE-284 - Improper Access Control

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to disclose sensitive information, hijack authenticated users, or execute arbitrary code.

The vulnerability exists due to improper access control in ApplicationTemp when using a predictable temporary directory for persistent session storage without ownership verification. A local user can take control of the directory used by ApplicationTemp to disclose sensitive information, hijack authenticated users, or execute arbitrary code.

Exploitation requires server.servlet.session.persistent to be set to true and the attack to persist across application restarts.


4) Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) (CVE-ID: CVE-2026-40975)

CWE-ID: CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to disclose sensitive information and compromise integrity of secret-dependent operations.

The vulnerability exists due to the use of a weak pseudorandom number generator in the random value property source when generating values with ${random.value}. A remote attacker can predict generated values to disclose sensitive information and compromise integrity of secret-dependent operations.

${random.uuid} is not affected, and ${random.int} and ${random.long} should never be used for secrets because they are numeric values with a predictable range.


5) Link following (CVE-ID: CVE-2026-40977)

CWE-ID: CWE-59 - Improper Link Resolution Before File Access ('Link Following')

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local privileged user to corrupt one file on the host.

The vulnerability exists due to improper link resolution in ApplicationPidFileWriter when writing the PID file at a predictable default path. A local privileged user can place a symlink at the PID file location to corrupt one file on the host.

Exploitation requires the application to be configured to use ApplicationPidFileWriter and requires write access to the PID file location.


6) Improper access control (CVE-ID: CVE-2026-22731)

CWE-ID: CWE-284 - Improper Access Control

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to bypass authentication and disclose sensitive information.

The vulnerability exists due to improper access control in Actuator health group additional path handling when processing requests to an application endpoint declared under a path already configured for a health group additional path. A remote attacker can send a specially crafted request to bypass authentication and disclose sensitive information.

Exploitation requires the Actuator dependency to be present, a custom health group to be exposed under an additional path on the main server, and an authenticated application endpoint to be mapped under a subpath of that additional path.


7) Improper access control (CVE-ID: CVE-2026-22733)

CWE-ID: CWE-284 - Improper Access Control

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to bypass authentication and disclose sensitive information.

The vulnerability exists due to improper access control in application endpoints declared under the CloudFoundry Actuator path when handling requests to authenticated application endpoints mapped beneath that path. A remote attacker can send a request to the affected endpoint to bypass authentication and disclose sensitive information.

The issue occurs only when an authenticated application endpoint is exposed under a subpath used by the CloudFoundry Actuator endpoints.


Remediation

Install the update from the vendor's website.