CVE-2015-7493 IBM CVE debrief

Who should care

IBM InfoSphere Information Server administrators, installers, and security teams responsible for systems running versions 8.5, 8.7, 9.1, 11.3, or 11.5 should care most, especially where local users may have access to installation workflows or related privileges.

Technical summary

NVD assigns CVSS 3.0 vector CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N, indicating a local attack path, high complexity, low privileges required, no user interaction, and confidentiality impact only. The primary weakness listed is CWE-200. The affected CPEs in the NVD record include IBM InfoSphere Information Server 8.5, 8.7, 9.1, 11.3, and 11.5. The issue is described as a circumstance in which a local user could execute commands during installation processes, potentially exposing sensitive information.

Defensive priority

Moderate. The issue is local and high-complexity, but it can still expose sensitive information on affected installations, so patching and installation-control hygiene are important.

Recommended defensive actions

• Check whether any affected IBM InfoSphere Information Server versions are installed in your environment.
• Review and apply IBM’s vendor patch or mitigation guidance referenced by the NVD record.
• Restrict who can run or influence installation processes on affected systems.
• Limit local access to trusted administrative users and review installation-related permissions and workflows.

Evidence notes

This debrief is based on the supplied NVD record for CVE-2015-7493, published 2017-02-08 and modified 2026-05-13. The NVD record lists affected IBM InfoSphere Information Server versions 8.5, 8.7, 9.1, 11.3, and 11.5, with CVSS 3.0 vector AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N and weakness CWE-200. NVD references IBM advisory swg21982034 and SecurityFocus BID 90529.

Official resources