Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-8858 (GCVE-0-2026-8858)
Vulnerability from cvelistv5 – Published: 2026-06-22 14:16 – Updated: 2026-07-09 19:54
VLAI
EPSS
VEX
Title
WebSphere Application Server Remote Code Execution
Summary
IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to remote code execution and denial of service in the WebSphere Web Server Plug-in component. This vulnerability can be exploited when an attacker impersonates the application server and sends crafted responses to the plug-in.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7276560 | vendor-advisorypatch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | WebSphere Application Server |
Affected:
8.5
Affected: 9.0 cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-8858",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-23T03:56:00.365269Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-23T18:48:11.431Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "WebSphere Application Server",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "9.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to remote code execution and denial of service in the WebSphere Web Server Plug-in component. This vulnerability can be exploited when an attacker impersonates the application server and sends crafted responses to the plug-in.\u003c/p\u003e"
}
],
"value": "IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to remote code execution and denial of service in the WebSphere Web Server Plug-in component. This vulnerability can be exploited when an attacker impersonates the application server and sends crafted responses to the plug-in."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T19:54:33.016Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7276560"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by applying a currently available Web Server Plug-ins interim fix or fix pack that contains the fix for APAR PH71376.\u003c/p\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003e\u003cstrong\u003eWeb Server Plug-ins for IBM WebSphere Application Server (used with either WebSphere Application Server traditional or Liberty):\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor V9.0.0.0 through 9.0.5.27:\u003c/strong\u003e\u003cbr\u003e\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Web Server Plug-ins Interim Fix that resolves\u0026nbsp;\u003ca href=\"https://www.ibm.com/support/pages/node/7273976\" rel=\"nofollow\"\u003ePH71376\u003c/a\u003e\u003cbr\u003e--OR--\u003cbr\u003e\u00b7 Apply Fix Pack 9.0.5.28 or later (targeted availability 2Q2026).\u0026nbsp;\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor V8.5.0.0 through 8.5.5.29:\u003c/strong\u003e\u003cbr\u003e\u00b7 Upgrade to minimal fix pack levels as required by interim fix and then apply Web Server Plug-ins Interim Fix that resolves\u0026nbsp;\u003ca href=\"https://www.ibm.com/support/pages/node/7273976\" rel=\"nofollow\"\u003ePH71376\u003c/a\u003e\u003cbr\u003e--OR--\u003cbr\u003e\u00b7 Apply Fix Pack 8.5.5.30 or later (targeted availability 3Q2026).\u003c/p\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by applying a currently available Web Server Plug-ins interim fix or fix pack that contains the fix for APAR PH71376.\n\n\u00a0\n\n\n\nWeb Server Plug-ins for IBM WebSphere Application Server (used with either WebSphere Application Server traditional or Liberty):\n\n\n\nFor V9.0.0.0 through 9.0.5.27:\n\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Web Server Plug-ins Interim Fix that resolves\u00a0 PH71376 https://www.ibm.com/support/pages/node/7273976 \n--OR--\n\u00b7 Apply Fix Pack 9.0.5.28 or later (targeted availability 2Q2026).\u00a0\u00a0\n\n\n\nFor V8.5.0.0 through 8.5.5.29:\n\u00b7 Upgrade to minimal fix pack levels as required by interim fix and then apply Web Server Plug-ins Interim Fix that resolves\u00a0 PH71376 https://www.ibm.com/support/pages/node/7273976 \n--OR--\n\u00b7 Apply Fix Pack 8.5.5.30 or later (targeted availability 3Q2026)."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "WebSphere Application Server Remote Code Execution",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2026-8858",
"datePublished": "2026-06-22T14:16:39.629Z",
"dateReserved": "2026-05-18T18:06:05.131Z",
"dateUpdated": "2026-07-09T19:54:33.016Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-8858",
"date": "2026-07-09",
"epss": "0.0026",
"percentile": "0.17423"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-8858\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2026-06-22T16:16:42.967\",\"lastModified\":\"2026-07-09T21:16:56.547\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to remote code execution and denial of service in the WebSphere Web Server Plug-in component. This vulnerability can be exploited when an attacker impersonates the application server and sends crafted responses to the plug-in.\"}],\"affected\":[{\"source\":\"psirt@us.ibm.com\",\"affectedData\":[{\"vendor\":\"IBM\",\"product\":\"WebSphere Application Server\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*\",\"cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*\"],\"versions\":[{\"version\":\"8.5\",\"status\":\"affected\"},{\"version\":\"9.0\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-06-23T03:56:00.365269Z\",\"id\":\"CVE-2026-8858\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:i:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.3\",\"versionEndIncluding\":\"7.6\",\"matchCriteriaId\":\"46DEA5F3-B160-471F-8C4C-0E8338EDEDA5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C684FC45-C9BA-4EF0-BD06-BB289450DD21\"}]}]}],\"references\":[{\"url\":\"https://www.ibm.com/support/pages/node/7276560\",\"source\":\"psirt@us.ibm.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-8858\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-06-23T03:56:00.365269Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-06-23T18:48:08.374Z\"}}], \"cna\": {\"title\": \"WebSphere Application Server Remote Code Execution\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"ADJACENT_NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*\"], \"vendor\": \"IBM\", \"product\": \"WebSphere Application Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.5\"}, {\"status\": \"affected\", \"version\": \"9.0\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"IBM strongly recommends addressing the vulnerability now by applying a currently available Web Server Plug-ins interim fix or fix pack that contains the fix for APAR PH71376.\\n\\n\\u00a0\\n\\n\\n\\nWeb Server Plug-ins for IBM WebSphere Application Server (used with either WebSphere Application Server traditional or Liberty):\\n\\n\\n\\nFor V9.0.0.0 through 9.0.5.27:\\n\\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Web Server Plug-ins Interim Fix that resolves\\u00a0 PH71376 https://www.ibm.com/support/pages/node/7273976 \\n--OR--\\n\\u00b7 Apply Fix Pack 9.0.5.28 or later (targeted availability 2Q2026).\\u00a0\\u00a0\\n\\n\\n\\nFor V8.5.0.0 through 8.5.5.29:\\n\\u00b7 Upgrade to minimal fix pack levels as required by interim fix and then apply Web Server Plug-ins Interim Fix that resolves\\u00a0 PH71376 https://www.ibm.com/support/pages/node/7273976 \\n--OR--\\n\\u00b7 Apply Fix Pack 8.5.5.30 or later (targeted availability 3Q2026).\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eIBM strongly recommends addressing the vulnerability now by applying a currently available Web Server Plug-ins interim fix or fix pack that contains the fix for APAR PH71376.\u003c/p\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003e\u003cstrong\u003eWeb Server Plug-ins for IBM WebSphere Application Server (used with either WebSphere Application Server traditional or Liberty):\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor V9.0.0.0 through 9.0.5.27:\u003c/strong\u003e\u003cbr\u003e\\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Web Server Plug-ins Interim Fix that resolves\u0026nbsp;\u003ca href=\\\"https://www.ibm.com/support/pages/node/7273976\\\" rel=\\\"nofollow\\\"\u003ePH71376\u003c/a\u003e\u003cbr\u003e--OR--\u003cbr\u003e\\u00b7 Apply Fix Pack 9.0.5.28 or later (targeted availability 2Q2026).\u0026nbsp;\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor V8.5.0.0 through 8.5.5.29:\u003c/strong\u003e\u003cbr\u003e\\u00b7 Upgrade to minimal fix pack levels as required by interim fix and then apply Web Server Plug-ins Interim Fix that resolves\u0026nbsp;\u003ca href=\\\"https://www.ibm.com/support/pages/node/7273976\\\" rel=\\\"nofollow\\\"\u003ePH71376\u003c/a\u003e\u003cbr\u003e--OR--\u003cbr\u003e\\u00b7 Apply Fix Pack 8.5.5.30 or later (targeted availability 3Q2026).\u003c/p\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://www.ibm.com/support/pages/node/7276560\", \"tags\": [\"vendor-advisory\", \"patch\"]}], \"x_generator\": {\"engine\": \"ibm-cvegen\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to remote code execution and denial of service in the WebSphere Web Server Plug-in component. This vulnerability can be exploited when an attacker impersonates the application server and sends crafted responses to the plug-in.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eIBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to remote code execution and denial of service in the WebSphere Web Server Plug-in component. This vulnerability can be exploited when an attacker impersonates the application server and sends crafted responses to the plug-in.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-94\", \"description\": \"CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"shortName\": \"ibm\", \"dateUpdated\": \"2026-07-09T19:54:33.016Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-8858\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-07-09T19:54:33.016Z\", \"dateReserved\": \"2026-05-18T18:06:05.131Z\", \"assignerOrgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"datePublished\": \"2026-06-22T14:16:39.629Z\", \"assignerShortName\": \"ibm\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
CERTFR-2026-AVI-0834
Vulnerability from certfr_avis - Published: 2026-07-03 - Updated: 2026-07-03
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | WebSphere | WebSphere Application Server versions 9.x antérieures à 9.0.5.29 | ||
| IBM | Db2 | Db2 Genius Hub versions antérieures à 1.1.3 | ||
| IBM | Db2 | Db2 Big SQL on IBM Software Hub versions antérieures à 5.4 | ||
| IBM | WebSphere | WebSphere Remote Server versions 9.x antérieures à 9.0.5.29 | ||
| IBM | N/A | SOAR QRadar Plugin App versions antérieures à 5.6.5 | ||
| IBM | WebSphere | WebSphere Remote Server versions 8.5.x antérieures à 8.5.5.31 | ||
| IBM | WebSphere | WebSphere Application Server versions 8.x antérieures à 8.5.5.31 | ||
| IBM | WebSphere | WebSphere Application Server Liberty versions antérieures à 26.0.0.8 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "WebSphere Application Server versions 9.x ant\u00e9rieures \u00e0 9.0.5.29",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Genius Hub versions ant\u00e9rieures \u00e0 1.1.3",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Big SQL on IBM Software Hub versions ant\u00e9rieures \u00e0 5.4",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Remote Server versions 9.x ant\u00e9rieures \u00e0 9.0.5.29",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "SOAR QRadar Plugin App versions ant\u00e9rieures \u00e0 5.6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Remote Server versions 8.5.x ant\u00e9rieures \u00e0 8.5.5.31",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server versions 8.x ant\u00e9rieures \u00e0 8.5.5.31",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server Liberty versions ant\u00e9rieures \u00e0 26.0.0.8",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-50645",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-50645"
},
{
"name": "CVE-2026-11383",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-11383"
},
{
"name": "CVE-2026-42041",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42041"
},
{
"name": "CVE-2026-39892",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39892"
},
{
"name": "CVE-2024-7531",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7531"
},
{
"name": "CVE-2021-3572",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3572"
},
{
"name": "CVE-2026-44432",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44432"
},
{
"name": "CVE-2025-14688",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14688"
},
{
"name": "CVE-2026-9171",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9171"
},
{
"name": "CVE-2024-12086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12086"
},
{
"name": "CVE-2026-1577",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1577"
},
{
"name": "CVE-2025-6069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
},
{
"name": "CVE-2026-2391",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2391"
},
{
"name": "CVE-2026-9072",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9072"
},
{
"name": "CVE-2026-24737",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24737"
},
{
"name": "CVE-2026-8858",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8858"
},
{
"name": "CVE-2026-7246",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-7246"
},
{
"name": "CVE-2025-15284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
},
{
"name": "CVE-2026-22029",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22029"
},
{
"name": "CVE-2026-11541",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-11541"
},
{
"name": "CVE-2025-1371",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1371"
},
{
"name": "CVE-2026-11707",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-11707"
},
{
"name": "CVE-2026-11546",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-11546"
},
{
"name": "CVE-2026-42036",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42036"
},
{
"name": "CVE-2021-23337",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23337"
},
{
"name": "CVE-2026-11594",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-11594"
},
{
"name": "CVE-2025-8291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8291"
},
{
"name": "CVE-2025-64718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64718"
},
{
"name": "CVE-2026-24043",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24043"
},
{
"name": "CVE-2025-13755",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13755"
},
{
"name": "CVE-2025-62718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62718"
},
{
"name": "CVE-2026-4800",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4800"
},
{
"name": "CVE-2026-6051",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6051"
},
{
"name": "CVE-2025-50182",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50182"
},
{
"name": "CVE-2026-33671",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33671"
},
{
"name": "CVE-2026-33532",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33532"
},
{
"name": "CVE-2025-68470",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68470"
},
{
"name": "CVE-2026-42033",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42033"
},
{
"name": "CVE-2026-42035",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42035"
},
{
"name": "CVE-2026-11536",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-11536"
},
{
"name": "CVE-2025-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
},
{
"name": "CVE-2025-1795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1795"
},
{
"name": "CVE-2026-33750",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33750"
},
{
"name": "CVE-2026-42043",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42043"
},
{
"name": "CVE-2026-8646",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8646"
},
{
"name": "CVE-2026-33228",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33228"
},
{
"name": "CVE-2026-9320",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9320"
},
{
"name": "CVE-2026-6053",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6053"
},
{
"name": "CVE-2025-68161",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68161"
},
{
"name": "CVE-2024-29869",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29869"
},
{
"name": "CVE-2026-42040",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42040"
},
{
"name": "CVE-2026-4923",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4923"
},
{
"name": "CVE-2026-6052",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6052"
},
{
"name": "CVE-2025-1377",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1377"
},
{
"name": "CVE-2026-27903",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27903"
},
{
"name": "CVE-2024-25260",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25260"
},
{
"name": "CVE-2026-24133",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24133"
},
{
"name": "CVE-2026-10845",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-10845"
},
{
"name": "CVE-2026-2327",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2327"
},
{
"name": "CVE-2026-2950",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2950"
},
{
"name": "CVE-2026-3676",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3676"
},
{
"name": "CVE-2026-1352",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1352"
},
{
"name": "CVE-2025-1376",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1376"
},
{
"name": "CVE-2025-69873",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69873"
},
{
"name": "CVE-2025-67735",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67735"
},
{
"name": "CVE-2025-36122",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36122"
},
{
"name": "CVE-2026-25940",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25940"
},
{
"name": "CVE-2026-24040",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24040"
},
{
"name": "CVE-2026-42038",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42038"
},
{
"name": "CVE-2026-11708",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-11708"
},
{
"name": "CVE-2026-42039",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42039"
},
{
"name": "CVE-2026-25755",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25755"
},
{
"name": "CVE-2026-33672",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33672"
},
{
"name": "CVE-2025-58181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58181"
},
{
"name": "CVE-2025-47914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47914"
},
{
"name": "CVE-2025-4516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4516"
},
{
"name": "CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"name": "CVE-2026-42044",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42044"
},
{
"name": "CVE-2026-11595",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-11595"
},
{
"name": "CVE-2026-11714",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-11714"
},
{
"name": "CVE-2026-25535",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25535"
},
{
"name": "CVE-2026-42034",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42034"
},
{
"name": "CVE-2026-9322",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9322"
},
{
"name": "CVE-2026-31938",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31938"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2026-6938",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6938"
},
{
"name": "CVE-2026-11712",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-11712"
},
{
"name": "CVE-2026-44431",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44431"
},
{
"name": "CVE-2026-42264",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42264"
},
{
"name": "CVE-2026-13772",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-13772"
},
{
"name": "CVE-2026-32141",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32141"
},
{
"name": "CVE-2026-42037",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42037"
},
{
"name": "CVE-2026-42042",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42042"
},
{
"name": "CVE-2026-9071",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9071"
},
{
"name": "CVE-2026-9006",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9006"
},
{
"name": "CVE-2026-31898",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31898"
},
{
"name": "CVE-2026-24001",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24001"
},
{
"name": "CVE-2023-24056",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24056"
},
{
"name": "CVE-2024-24786",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24786"
},
{
"name": "CVE-2026-10852",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-10852"
},
{
"name": "CVE-2026-27212",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27212"
},
{
"name": "CVE-2025-12183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12183"
},
{
"name": "CVE-2026-29063",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29063"
},
{
"name": "CVE-2025-68428",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68428"
},
{
"name": "CVE-2025-13465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13465"
},
{
"name": "CVE-2026-4926",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4926"
},
{
"name": "CVE-2026-1718",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1718"
},
{
"name": "CVE-2026-27904",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27904"
}
],
"initial_release_date": "2026-07-03T00:00:00",
"last_revision_date": "2026-07-03T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0834",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-07-03T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2026-06-29",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7278360",
"url": "https://www.ibm.com/support/pages/node/7278360"
},
{
"published_at": "2026-07-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7279004",
"url": "https://www.ibm.com/support/pages/node/7279004"
},
{
"published_at": "2026-07-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7278998",
"url": "https://www.ibm.com/support/pages/node/7278998"
},
{
"published_at": "2026-07-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7278996",
"url": "https://www.ibm.com/support/pages/node/7278996"
},
{
"published_at": "2026-07-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7278993",
"url": "https://www.ibm.com/support/pages/node/7278993"
},
{
"published_at": "2026-07-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7279001",
"url": "https://www.ibm.com/support/pages/node/7279001"
},
{
"published_at": "2026-07-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7278935",
"url": "https://www.ibm.com/support/pages/node/7278935"
},
{
"published_at": "2026-06-30",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7278590",
"url": "https://www.ibm.com/support/pages/node/7278590"
},
{
"published_at": "2026-06-26",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7278148",
"url": "https://www.ibm.com/support/pages/node/7278148"
},
{
"published_at": "2026-07-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7279002",
"url": "https://www.ibm.com/support/pages/node/7279002"
},
{
"published_at": "2026-07-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7278995",
"url": "https://www.ibm.com/support/pages/node/7278995"
},
{
"published_at": "2026-07-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7278997",
"url": "https://www.ibm.com/support/pages/node/7278997"
},
{
"published_at": "2026-07-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7278990",
"url": "https://www.ibm.com/support/pages/node/7278990"
},
{
"published_at": "2026-06-29",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7278358",
"url": "https://www.ibm.com/support/pages/node/7278358"
},
{
"published_at": "2026-07-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7278989",
"url": "https://www.ibm.com/support/pages/node/7278989"
},
{
"published_at": "2026-06-30",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7278576",
"url": "https://www.ibm.com/support/pages/node/7278576"
},
{
"published_at": "2026-06-30",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7278572",
"url": "https://www.ibm.com/support/pages/node/7278572"
},
{
"published_at": "2026-06-30",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7278580",
"url": "https://www.ibm.com/support/pages/node/7278580"
},
{
"published_at": "2026-06-29",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7278398",
"url": "https://www.ibm.com/support/pages/node/7278398"
},
{
"published_at": "2026-06-29",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7278359",
"url": "https://www.ibm.com/support/pages/node/7278359"
},
{
"published_at": "2026-07-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7279003",
"url": "https://www.ibm.com/support/pages/node/7279003"
},
{
"published_at": "2026-06-26",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7278103",
"url": "https://www.ibm.com/support/pages/node/7278103"
},
{
"published_at": "2026-06-30",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7278593",
"url": "https://www.ibm.com/support/pages/node/7278593"
},
{
"published_at": "2026-06-29",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7278399",
"url": "https://www.ibm.com/support/pages/node/7278399"
}
]
}
FKIE_CVE-2026-8858
Vulnerability from fkie_nvd - Published: 2026-06-22 16:16 - Updated: 2026-06-24 17:17
Severity
7.5 (High) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to remote code execution and denial of service in the WebSphere Web Server Plug-in component. This vulnerability can be exploited when an attacker impersonates the application server and sends crafted responses to the plug-in.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7277344 | Vendor Advisory |
{
"affected": [
{
"affectedData": [
{
"cpes": [
"cpe:2.3:a:ibm:i:7.6:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "i",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "1.8.4",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
}
]
}
],
"source": "psirt@us.ibm.com"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:i:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46DEA5F3-B160-471F-8C4C-0E8338EDEDA5",
"versionEndIncluding": "7.6",
"versionStartIncluding": "7.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C684FC45-C9BA-4EF0-BD06-BB289450DD21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to remote code execution and denial of service in the WebSphere Web Server Plug-in component. This vulnerability can be exploited when an attacker impersonates the application server and sends crafted responses to the plug-in."
}
],
"id": "CVE-2026-8858",
"lastModified": "2026-06-24T17:17:31.597",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2026-8858",
"options": [
{
"exploitation": "none"
},
{
"automatable": "no"
},
{
"technicalImpact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-23T03:56:00.365269Z",
"version": "2.0.3"
}
}
]
},
"published": "2026-06-22T16:16:42.967",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7277344"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
]
}
GHSA-MFQ9-47XF-5654
Vulnerability from github – Published: 2026-06-22 18:34 – Updated: 2026-07-09 21:31
VLAI
Details
IBM i 7.6, 7.5, 7.4, and 7.3, IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to remote code execution and denial of service in the WebSphere Web Server Plug-in component. This vulnerability can be exploited when an attacker impersonates the application server and sends crafted responses to the plug-in.
Severity
7.5 (High)
{
"affected": [],
"aliases": [
"CVE-2026-8858"
],
"database_specific": {
"cwe_ids": [
"CWE-94"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-22T16:16:42Z",
"severity": "HIGH"
},
"details": "IBM i 7.6, 7.5, 7.4, and 7.3, IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to remote code execution and denial of service in the WebSphere Web Server Plug-in component. This vulnerability can be exploited when an attacker impersonates the application server and sends crafted responses to the plug-in.",
"id": "GHSA-mfq9-47xf-5654",
"modified": "2026-07-09T21:31:13Z",
"published": "2026-06-22T18:34:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8858"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7276560"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7277344"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
WID-SEC-W-2026-2001
Vulnerability from csaf_certbund - Published: 2026-06-17 22:00 - Updated: 2026-06-25 22:00Summary
IBM WebSphere Application Server: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: IBM WebSphere Application Server ist ein J2EE-Applikationsserver.
Angriff: Ein Angreifer kann mehrere Schwachstellen in IBM WebSphere Application Server ausnutzen, um beliebigen Programmcode auszuführen, um einen Denial of Service Angriff durchzuführen, um Sicherheitsvorkehrungen zu umgehen, um Informationen offenzulegen, und um seine Privilegien zu erhöhen.
Betroffene Betriebssysteme: - Linux
- Sonstiges
- UNIX
- Windows
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM WebSphere Application Server Liberty Web Server Plug-ins 8.5
IBM / WebSphere Application Server Liberty
|
cpe:/a:ibm:websphere_application_server_liberty:8.5::web_server_plug-ins
|
Web Server Plug-ins 8.5 | |
|
IBM WebSphere Application Server <9.0.5.29
IBM / WebSphere Application Server
|
<9.0.5.29 | ||
|
IBM WebSphere Application Server Liberty 17.0.0.3-26.0.0.6
IBM / WebSphere Application Server Liberty
|
cpe:/a:ibm:websphere_application_server_liberty:17.0.0.3_-_26.0.0.6
|
17.0.0.3-26.0.0.6 | |
|
IBM WebSphere Application Server <9.0.5.28 PH71648
IBM / WebSphere Application Server
|
<9.0.5.28 PH71648 | ||
|
IBM WebSphere Application Server <9.0.5.28 PH71370
IBM / WebSphere Application Server
|
<9.0.5.28 PH71370 | ||
|
IBM WebSphere Application Server <9.0.5.28 PH71556
IBM / WebSphere Application Server
|
<9.0.5.28 PH71556 | ||
|
IBM WebSphere Application Server <9.0.5.28
IBM / WebSphere Application Server
|
<9.0.5.28 | ||
|
IBM WebSphere Application Server <8.5.5.29 PH71648
IBM / WebSphere Application Server
|
<8.5.5.29 PH71648 | ||
|
IBM WebSphere Application Server <8.5.5.29 PH71370
IBM / WebSphere Application Server
|
<8.5.5.29 PH71370 | ||
|
IBM WebSphere Service Registry and Repository
IBM
|
cpe:/a:ibm:websphere_service_registry_and_repository:-
|
— | |
|
IBM WebSphere Application Server <8.5.5.29 PH71556
IBM / WebSphere Application Server
|
<8.5.5.29 PH71556 | ||
|
IBM Business Automation Workflow
IBM
|
cpe:/a:ibm:business_automation_workflow:-
|
— | |
|
IBM WebSphere Application Server <8.5.5.29 PH71376
IBM / WebSphere Application Server
|
<8.5.5.29 PH71376 | ||
|
IBM WebSphere Application Server Liberty Web Server Plug-ins 9.0
IBM / WebSphere Application Server Liberty
|
cpe:/a:ibm:websphere_application_server_liberty:9.0::web_server_plug-ins
|
Web Server Plug-ins 9.0 | |
|
IBM WebSphere Application Server <8.5.5.30
IBM / WebSphere Application Server
|
<8.5.5.30 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM WebSphere Application Server Liberty Web Server Plug-ins 8.5
IBM / WebSphere Application Server Liberty
|
cpe:/a:ibm:websphere_application_server_liberty:8.5::web_server_plug-ins
|
Web Server Plug-ins 8.5 | |
|
IBM WebSphere Application Server <9.0.5.29
IBM / WebSphere Application Server
|
<9.0.5.29 | ||
|
IBM WebSphere Application Server Liberty 17.0.0.3-26.0.0.6
IBM / WebSphere Application Server Liberty
|
cpe:/a:ibm:websphere_application_server_liberty:17.0.0.3_-_26.0.0.6
|
17.0.0.3-26.0.0.6 | |
|
IBM WebSphere Application Server <9.0.5.28 PH71648
IBM / WebSphere Application Server
|
<9.0.5.28 PH71648 | ||
|
IBM WebSphere Application Server <9.0.5.28 PH71370
IBM / WebSphere Application Server
|
<9.0.5.28 PH71370 | ||
|
IBM WebSphere Application Server <9.0.5.28 PH71556
IBM / WebSphere Application Server
|
<9.0.5.28 PH71556 | ||
|
IBM WebSphere Application Server <9.0.5.28
IBM / WebSphere Application Server
|
<9.0.5.28 | ||
|
IBM WebSphere Application Server <8.5.5.29 PH71648
IBM / WebSphere Application Server
|
<8.5.5.29 PH71648 | ||
|
IBM WebSphere Application Server <8.5.5.29 PH71370
IBM / WebSphere Application Server
|
<8.5.5.29 PH71370 | ||
|
IBM WebSphere Service Registry and Repository
IBM
|
cpe:/a:ibm:websphere_service_registry_and_repository:-
|
— | |
|
IBM WebSphere Application Server <8.5.5.29 PH71556
IBM / WebSphere Application Server
|
<8.5.5.29 PH71556 | ||
|
IBM Business Automation Workflow
IBM
|
cpe:/a:ibm:business_automation_workflow:-
|
— | |
|
IBM WebSphere Application Server <8.5.5.29 PH71376
IBM / WebSphere Application Server
|
<8.5.5.29 PH71376 | ||
|
IBM WebSphere Application Server Liberty Web Server Plug-ins 9.0
IBM / WebSphere Application Server Liberty
|
cpe:/a:ibm:websphere_application_server_liberty:9.0::web_server_plug-ins
|
Web Server Plug-ins 9.0 | |
|
IBM WebSphere Application Server <8.5.5.30
IBM / WebSphere Application Server
|
<8.5.5.30 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM WebSphere Application Server Liberty Web Server Plug-ins 8.5
IBM / WebSphere Application Server Liberty
|
cpe:/a:ibm:websphere_application_server_liberty:8.5::web_server_plug-ins
|
Web Server Plug-ins 8.5 | |
|
IBM WebSphere Application Server <9.0.5.29
IBM / WebSphere Application Server
|
<9.0.5.29 | ||
|
IBM WebSphere Application Server Liberty 17.0.0.3-26.0.0.6
IBM / WebSphere Application Server Liberty
|
cpe:/a:ibm:websphere_application_server_liberty:17.0.0.3_-_26.0.0.6
|
17.0.0.3-26.0.0.6 | |
|
IBM WebSphere Application Server <9.0.5.28 PH71648
IBM / WebSphere Application Server
|
<9.0.5.28 PH71648 | ||
|
IBM WebSphere Application Server <9.0.5.28 PH71370
IBM / WebSphere Application Server
|
<9.0.5.28 PH71370 | ||
|
IBM WebSphere Application Server <9.0.5.28 PH71556
IBM / WebSphere Application Server
|
<9.0.5.28 PH71556 | ||
|
IBM WebSphere Application Server <9.0.5.28
IBM / WebSphere Application Server
|
<9.0.5.28 | ||
|
IBM WebSphere Application Server <8.5.5.29 PH71648
IBM / WebSphere Application Server
|
<8.5.5.29 PH71648 | ||
|
IBM WebSphere Application Server <8.5.5.29 PH71370
IBM / WebSphere Application Server
|
<8.5.5.29 PH71370 | ||
|
IBM WebSphere Service Registry and Repository
IBM
|
cpe:/a:ibm:websphere_service_registry_and_repository:-
|
— | |
|
IBM WebSphere Application Server <8.5.5.29 PH71556
IBM / WebSphere Application Server
|
<8.5.5.29 PH71556 | ||
|
IBM Business Automation Workflow
IBM
|
cpe:/a:ibm:business_automation_workflow:-
|
— | |
|
IBM WebSphere Application Server <8.5.5.29 PH71376
IBM / WebSphere Application Server
|
<8.5.5.29 PH71376 | ||
|
IBM WebSphere Application Server Liberty Web Server Plug-ins 9.0
IBM / WebSphere Application Server Liberty
|
cpe:/a:ibm:websphere_application_server_liberty:9.0::web_server_plug-ins
|
Web Server Plug-ins 9.0 | |
|
IBM WebSphere Application Server <8.5.5.30
IBM / WebSphere Application Server
|
<8.5.5.30 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM WebSphere Application Server Liberty Web Server Plug-ins 8.5
IBM / WebSphere Application Server Liberty
|
cpe:/a:ibm:websphere_application_server_liberty:8.5::web_server_plug-ins
|
Web Server Plug-ins 8.5 | |
|
IBM WebSphere Application Server <9.0.5.29
IBM / WebSphere Application Server
|
<9.0.5.29 | ||
|
IBM WebSphere Application Server Liberty 17.0.0.3-26.0.0.6
IBM / WebSphere Application Server Liberty
|
cpe:/a:ibm:websphere_application_server_liberty:17.0.0.3_-_26.0.0.6
|
17.0.0.3-26.0.0.6 | |
|
IBM WebSphere Application Server <9.0.5.28 PH71648
IBM / WebSphere Application Server
|
<9.0.5.28 PH71648 | ||
|
IBM WebSphere Application Server <9.0.5.28 PH71370
IBM / WebSphere Application Server
|
<9.0.5.28 PH71370 | ||
|
IBM WebSphere Application Server <9.0.5.28 PH71556
IBM / WebSphere Application Server
|
<9.0.5.28 PH71556 | ||
|
IBM WebSphere Application Server <9.0.5.28
IBM / WebSphere Application Server
|
<9.0.5.28 | ||
|
IBM WebSphere Application Server <8.5.5.29 PH71648
IBM / WebSphere Application Server
|
<8.5.5.29 PH71648 | ||
|
IBM WebSphere Application Server <8.5.5.29 PH71370
IBM / WebSphere Application Server
|
<8.5.5.29 PH71370 | ||
|
IBM WebSphere Service Registry and Repository
IBM
|
cpe:/a:ibm:websphere_service_registry_and_repository:-
|
— | |
|
IBM WebSphere Application Server <8.5.5.29 PH71556
IBM / WebSphere Application Server
|
<8.5.5.29 PH71556 | ||
|
IBM Business Automation Workflow
IBM
|
cpe:/a:ibm:business_automation_workflow:-
|
— | |
|
IBM WebSphere Application Server <8.5.5.29 PH71376
IBM / WebSphere Application Server
|
<8.5.5.29 PH71376 | ||
|
IBM WebSphere Application Server Liberty Web Server Plug-ins 9.0
IBM / WebSphere Application Server Liberty
|
cpe:/a:ibm:websphere_application_server_liberty:9.0::web_server_plug-ins
|
Web Server Plug-ins 9.0 | |
|
IBM WebSphere Application Server <8.5.5.30
IBM / WebSphere Application Server
|
<8.5.5.30 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM WebSphere Application Server Liberty Web Server Plug-ins 8.5
IBM / WebSphere Application Server Liberty
|
cpe:/a:ibm:websphere_application_server_liberty:8.5::web_server_plug-ins
|
Web Server Plug-ins 8.5 | |
|
IBM WebSphere Application Server <9.0.5.29
IBM / WebSphere Application Server
|
<9.0.5.29 | ||
|
IBM WebSphere Application Server Liberty 17.0.0.3-26.0.0.6
IBM / WebSphere Application Server Liberty
|
cpe:/a:ibm:websphere_application_server_liberty:17.0.0.3_-_26.0.0.6
|
17.0.0.3-26.0.0.6 | |
|
IBM WebSphere Application Server <9.0.5.28 PH71648
IBM / WebSphere Application Server
|
<9.0.5.28 PH71648 | ||
|
IBM WebSphere Application Server <9.0.5.28 PH71370
IBM / WebSphere Application Server
|
<9.0.5.28 PH71370 | ||
|
IBM WebSphere Application Server <9.0.5.28 PH71556
IBM / WebSphere Application Server
|
<9.0.5.28 PH71556 | ||
|
IBM WebSphere Application Server <9.0.5.28
IBM / WebSphere Application Server
|
<9.0.5.28 | ||
|
IBM WebSphere Application Server <8.5.5.29 PH71648
IBM / WebSphere Application Server
|
<8.5.5.29 PH71648 | ||
|
IBM WebSphere Application Server <8.5.5.29 PH71370
IBM / WebSphere Application Server
|
<8.5.5.29 PH71370 | ||
|
IBM WebSphere Service Registry and Repository
IBM
|
cpe:/a:ibm:websphere_service_registry_and_repository:-
|
— | |
|
IBM WebSphere Application Server <8.5.5.29 PH71556
IBM / WebSphere Application Server
|
<8.5.5.29 PH71556 | ||
|
IBM Business Automation Workflow
IBM
|
cpe:/a:ibm:business_automation_workflow:-
|
— | |
|
IBM WebSphere Application Server <8.5.5.29 PH71376
IBM / WebSphere Application Server
|
<8.5.5.29 PH71376 | ||
|
IBM WebSphere Application Server Liberty Web Server Plug-ins 9.0
IBM / WebSphere Application Server Liberty
|
cpe:/a:ibm:websphere_application_server_liberty:9.0::web_server_plug-ins
|
Web Server Plug-ins 9.0 | |
|
IBM WebSphere Application Server <8.5.5.30
IBM / WebSphere Application Server
|
<8.5.5.30 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM WebSphere Application Server Liberty Web Server Plug-ins 8.5
IBM / WebSphere Application Server Liberty
|
cpe:/a:ibm:websphere_application_server_liberty:8.5::web_server_plug-ins
|
Web Server Plug-ins 8.5 | |
|
IBM WebSphere Application Server <9.0.5.29
IBM / WebSphere Application Server
|
<9.0.5.29 | ||
|
IBM WebSphere Application Server Liberty 17.0.0.3-26.0.0.6
IBM / WebSphere Application Server Liberty
|
cpe:/a:ibm:websphere_application_server_liberty:17.0.0.3_-_26.0.0.6
|
17.0.0.3-26.0.0.6 | |
|
IBM WebSphere Application Server <9.0.5.28 PH71648
IBM / WebSphere Application Server
|
<9.0.5.28 PH71648 | ||
|
IBM WebSphere Application Server <9.0.5.28 PH71370
IBM / WebSphere Application Server
|
<9.0.5.28 PH71370 | ||
|
IBM WebSphere Application Server <9.0.5.28 PH71556
IBM / WebSphere Application Server
|
<9.0.5.28 PH71556 | ||
|
IBM WebSphere Application Server <9.0.5.28
IBM / WebSphere Application Server
|
<9.0.5.28 | ||
|
IBM WebSphere Application Server <8.5.5.29 PH71648
IBM / WebSphere Application Server
|
<8.5.5.29 PH71648 | ||
|
IBM WebSphere Application Server <8.5.5.29 PH71370
IBM / WebSphere Application Server
|
<8.5.5.29 PH71370 | ||
|
IBM WebSphere Service Registry and Repository
IBM
|
cpe:/a:ibm:websphere_service_registry_and_repository:-
|
— | |
|
IBM WebSphere Application Server <8.5.5.29 PH71556
IBM / WebSphere Application Server
|
<8.5.5.29 PH71556 | ||
|
IBM Business Automation Workflow
IBM
|
cpe:/a:ibm:business_automation_workflow:-
|
— | |
|
IBM WebSphere Application Server <8.5.5.29 PH71376
IBM / WebSphere Application Server
|
<8.5.5.29 PH71376 | ||
|
IBM WebSphere Application Server Liberty Web Server Plug-ins 9.0
IBM / WebSphere Application Server Liberty
|
cpe:/a:ibm:websphere_application_server_liberty:9.0::web_server_plug-ins
|
Web Server Plug-ins 9.0 | |
|
IBM WebSphere Application Server <8.5.5.30
IBM / WebSphere Application Server
|
<8.5.5.30 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM WebSphere Application Server Liberty Web Server Plug-ins 8.5
IBM / WebSphere Application Server Liberty
|
cpe:/a:ibm:websphere_application_server_liberty:8.5::web_server_plug-ins
|
Web Server Plug-ins 8.5 | |
|
IBM WebSphere Application Server <9.0.5.29
IBM / WebSphere Application Server
|
<9.0.5.29 | ||
|
IBM WebSphere Application Server Liberty 17.0.0.3-26.0.0.6
IBM / WebSphere Application Server Liberty
|
cpe:/a:ibm:websphere_application_server_liberty:17.0.0.3_-_26.0.0.6
|
17.0.0.3-26.0.0.6 | |
|
IBM WebSphere Application Server <9.0.5.28 PH71648
IBM / WebSphere Application Server
|
<9.0.5.28 PH71648 | ||
|
IBM WebSphere Application Server <9.0.5.28 PH71370
IBM / WebSphere Application Server
|
<9.0.5.28 PH71370 | ||
|
IBM WebSphere Application Server <9.0.5.28 PH71556
IBM / WebSphere Application Server
|
<9.0.5.28 PH71556 | ||
|
IBM WebSphere Application Server <9.0.5.28
IBM / WebSphere Application Server
|
<9.0.5.28 | ||
|
IBM WebSphere Application Server <8.5.5.29 PH71648
IBM / WebSphere Application Server
|
<8.5.5.29 PH71648 | ||
|
IBM WebSphere Application Server <8.5.5.29 PH71370
IBM / WebSphere Application Server
|
<8.5.5.29 PH71370 | ||
|
IBM WebSphere Service Registry and Repository
IBM
|
cpe:/a:ibm:websphere_service_registry_and_repository:-
|
— | |
|
IBM WebSphere Application Server <8.5.5.29 PH71556
IBM / WebSphere Application Server
|
<8.5.5.29 PH71556 | ||
|
IBM Business Automation Workflow
IBM
|
cpe:/a:ibm:business_automation_workflow:-
|
— | |
|
IBM WebSphere Application Server <8.5.5.29 PH71376
IBM / WebSphere Application Server
|
<8.5.5.29 PH71376 | ||
|
IBM WebSphere Application Server Liberty Web Server Plug-ins 9.0
IBM / WebSphere Application Server Liberty
|
cpe:/a:ibm:websphere_application_server_liberty:9.0::web_server_plug-ins
|
Web Server Plug-ins 9.0 | |
|
IBM WebSphere Application Server <8.5.5.30
IBM / WebSphere Application Server
|
<8.5.5.30 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM WebSphere Application Server Liberty Web Server Plug-ins 8.5
IBM / WebSphere Application Server Liberty
|
cpe:/a:ibm:websphere_application_server_liberty:8.5::web_server_plug-ins
|
Web Server Plug-ins 8.5 | |
|
IBM WebSphere Application Server <9.0.5.29
IBM / WebSphere Application Server
|
<9.0.5.29 | ||
|
IBM WebSphere Application Server Liberty 17.0.0.3-26.0.0.6
IBM / WebSphere Application Server Liberty
|
cpe:/a:ibm:websphere_application_server_liberty:17.0.0.3_-_26.0.0.6
|
17.0.0.3-26.0.0.6 | |
|
IBM WebSphere Application Server <9.0.5.28 PH71648
IBM / WebSphere Application Server
|
<9.0.5.28 PH71648 | ||
|
IBM WebSphere Application Server <9.0.5.28 PH71370
IBM / WebSphere Application Server
|
<9.0.5.28 PH71370 | ||
|
IBM WebSphere Application Server <9.0.5.28 PH71556
IBM / WebSphere Application Server
|
<9.0.5.28 PH71556 | ||
|
IBM WebSphere Application Server <9.0.5.28
IBM / WebSphere Application Server
|
<9.0.5.28 | ||
|
IBM WebSphere Application Server <8.5.5.29 PH71648
IBM / WebSphere Application Server
|
<8.5.5.29 PH71648 | ||
|
IBM WebSphere Application Server <8.5.5.29 PH71370
IBM / WebSphere Application Server
|
<8.5.5.29 PH71370 | ||
|
IBM WebSphere Service Registry and Repository
IBM
|
cpe:/a:ibm:websphere_service_registry_and_repository:-
|
— | |
|
IBM WebSphere Application Server <8.5.5.29 PH71556
IBM / WebSphere Application Server
|
<8.5.5.29 PH71556 | ||
|
IBM Business Automation Workflow
IBM
|
cpe:/a:ibm:business_automation_workflow:-
|
— | |
|
IBM WebSphere Application Server <8.5.5.29 PH71376
IBM / WebSphere Application Server
|
<8.5.5.29 PH71376 | ||
|
IBM WebSphere Application Server Liberty Web Server Plug-ins 9.0
IBM / WebSphere Application Server Liberty
|
cpe:/a:ibm:websphere_application_server_liberty:9.0::web_server_plug-ins
|
Web Server Plug-ins 9.0 | |
|
IBM WebSphere Application Server <8.5.5.30
IBM / WebSphere Application Server
|
<8.5.5.30 |
References
9 references
| URL | Category |
|---|---|
| https://wid.cert-bund.de/.well-known/csaf/white/2… | self |
| https://wid.cert-bund.de/portal/wid/securityadvis… | self |
| https://www.ibm.com/support/pages/security-bullet… | external |
| https://www.ibm.com/support/pages/node/7276579 | external |
| https://www.ibm.com/support/pages/node/7276600 | external |
| https://www.ibm.com/support/pages/node/7276560 | external |
| https://www.ibm.com/support/pages/node/7276831 | external |
| https://www.ibm.com/support/pages/node/7276832 | external |
| https://www.ibm.com/support/pages/node/7277034 | external |
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM WebSphere Application Server ist ein J2EE-Applikationsserver.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in IBM WebSphere Application Server ausnutzen, um beliebigen Programmcode auszuf\u00fchren, um einen Denial of Service Angriff durchzuf\u00fchren, um Sicherheitsvorkehrungen zu umgehen, um Informationen offenzulegen, und um seine Privilegien zu erh\u00f6hen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-2001 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-2001.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-2001 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2001"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2026-06-17",
"url": "https://www.ibm.com/support/pages/security-bulletin-ibm-websphere-application-server-affected-authentication-bypass-vulnerability-cve-2026-10845"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2026-06-17",
"url": "https://www.ibm.com/support/pages/node/7276579"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2026-06-17",
"url": "https://www.ibm.com/support/pages/node/7276600"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2026-06-17",
"url": "https://www.ibm.com/support/pages/node/7276560"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7276831 vom 2026-06-17",
"url": "https://www.ibm.com/support/pages/node/7276831"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7276832 vom 2026-06-17",
"url": "https://www.ibm.com/support/pages/node/7276832"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7277034 vom 2026-06-18",
"url": "https://www.ibm.com/support/pages/node/7277034"
}
],
"source_lang": "en-US",
"title": "IBM WebSphere Application Server: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-06-25T22:00:00.000+00:00",
"generator": {
"date": "2026-06-25T14:21:36.231+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2026-2001",
"initial_release_date": "2026-06-17T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-06-17T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-06-18T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2026-06-22T22:00:00.000+00:00",
"number": "3",
"summary": "Referenz(en) aufgenommen: EUVD-2026-38253, EUVD-2026-38252, EUVD-2026-38251, EUVD-2026-38288, EUVD-2026-38286, EUVD-2026-38284, EUVD-2026-38254, EUVD-2026-38346"
},
{
"date": "2026-06-25T22:00:00.000+00:00",
"number": "4",
"summary": "Ebenfalls betroffenen Websphere Application Server Liberty aufgenommen"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "IBM Business Automation Workflow",
"product": {
"name": "IBM Business Automation Workflow",
"product_id": "T019704",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9.0.5.28",
"product": {
"name": "IBM WebSphere Application Server \u003c9.0.5.28",
"product_id": "T055612"
}
},
{
"category": "product_version",
"name": "9.0.5.28",
"product": {
"name": "IBM WebSphere Application Server 9.0.5.28",
"product_id": "T055612-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:websphere_application_server:9.0.5.28"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.0.5.28 PH71556",
"product": {
"name": "IBM WebSphere Application Server \u003c9.0.5.28 PH71556",
"product_id": "T055613"
}
},
{
"category": "product_version",
"name": "9.0.5.28 PH71556",
"product": {
"name": "IBM WebSphere Application Server 9.0.5.28 PH71556",
"product_id": "T055613-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:websphere_application_server:9.0.5.28_ph71556"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.0.5.28 PH71370",
"product": {
"name": "IBM WebSphere Application Server \u003c9.0.5.28 PH71370",
"product_id": "T055614"
}
},
{
"category": "product_version",
"name": "9.0.5.28 PH71370",
"product": {
"name": "IBM WebSphere Application Server 9.0.5.28 PH71370",
"product_id": "T055614-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:websphere_application_server:9.0.5.28_ph71370"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.0.5.28 PH71648",
"product": {
"name": "IBM WebSphere Application Server \u003c9.0.5.28 PH71648",
"product_id": "T055615"
}
},
{
"category": "product_version",
"name": "9.0.5.28 PH71648",
"product": {
"name": "IBM WebSphere Application Server 9.0.5.28 PH71648",
"product_id": "T055615-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:websphere_application_server:9.0.5.28_ph71648"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.0.5.29",
"product": {
"name": "IBM WebSphere Application Server \u003c9.0.5.29",
"product_id": "T055616"
}
},
{
"category": "product_version",
"name": "9.0.5.29",
"product": {
"name": "IBM WebSphere Application Server 9.0.5.29",
"product_id": "T055616-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:websphere_application_server:9.0.5.29"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.5.5.30",
"product": {
"name": "IBM WebSphere Application Server \u003c8.5.5.30",
"product_id": "T055617"
}
},
{
"category": "product_version",
"name": "8.5.5.30",
"product": {
"name": "IBM WebSphere Application Server 8.5.5.30",
"product_id": "T055617-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:websphere_application_server:8.5.5.30"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.5.5.29 PH71376",
"product": {
"name": "IBM WebSphere Application Server \u003c8.5.5.29 PH71376",
"product_id": "T055618"
}
},
{
"category": "product_version",
"name": "8.5.5.29 PH71376",
"product": {
"name": "IBM WebSphere Application Server 8.5.5.29 PH71376",
"product_id": "T055618-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:websphere_application_server:8.5.5.29_ph71376"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.5.5.29 PH71556",
"product": {
"name": "IBM WebSphere Application Server \u003c8.5.5.29 PH71556",
"product_id": "T055619"
}
},
{
"category": "product_version",
"name": "8.5.5.29 PH71556",
"product": {
"name": "IBM WebSphere Application Server 8.5.5.29 PH71556",
"product_id": "T055619-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:websphere_application_server:8.5.5.29_ph71556"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.5.5.29 PH71370",
"product": {
"name": "IBM WebSphere Application Server \u003c8.5.5.29 PH71370",
"product_id": "T055620"
}
},
{
"category": "product_version",
"name": "8.5.5.29 PH71370",
"product": {
"name": "IBM WebSphere Application Server 8.5.5.29 PH71370",
"product_id": "T055620-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:websphere_application_server:8.5.5.29_ph71370"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.5.5.29 PH71648",
"product": {
"name": "IBM WebSphere Application Server \u003c8.5.5.29 PH71648",
"product_id": "T055621"
}
},
{
"category": "product_version",
"name": "8.5.5.29 PH71648",
"product": {
"name": "IBM WebSphere Application Server 8.5.5.29 PH71648",
"product_id": "T055621-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:websphere_application_server:8.5.5.29_ph71648"
}
}
}
],
"category": "product_name",
"name": "WebSphere Application Server"
},
{
"branches": [
{
"category": "product_version",
"name": "17.0.0.3-26.0.0.6",
"product": {
"name": "IBM WebSphere Application Server Liberty 17.0.0.3-26.0.0.6",
"product_id": "T055824",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:websphere_application_server_liberty:17.0.0.3_-_26.0.0.6"
}
}
},
{
"category": "product_version",
"name": "Web Server Plug-ins 8.5",
"product": {
"name": "IBM WebSphere Application Server Liberty Web Server Plug-ins 8.5",
"product_id": "T055825",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:websphere_application_server_liberty:8.5::web_server_plug-ins"
}
}
},
{
"category": "product_version",
"name": "Web Server Plug-ins 9.0",
"product": {
"name": "IBM WebSphere Application Server Liberty Web Server Plug-ins 9.0",
"product_id": "T055826",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:websphere_application_server_liberty:9.0::web_server_plug-ins"
}
}
}
],
"category": "product_name",
"name": "WebSphere Application Server Liberty"
},
{
"category": "product_name",
"name": "IBM WebSphere Service Registry and Repository",
"product": {
"name": "IBM WebSphere Service Registry and Repository",
"product_id": "T048917",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:websphere_service_registry_and_repository:-"
}
}
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-10845",
"product_status": {
"known_affected": [
"T055825",
"T055616",
"T055824",
"T055615",
"T055614",
"T055613",
"T055612",
"T055621",
"T055620",
"T048917",
"T055619",
"T019704",
"T055618",
"T055826",
"T055617"
]
},
"release_date": "2026-06-17T22:00:00.000+00:00",
"title": "CVE-2026-10845"
},
{
"cve": "CVE-2026-10852",
"product_status": {
"known_affected": [
"T055825",
"T055616",
"T055824",
"T055615",
"T055614",
"T055613",
"T055612",
"T055621",
"T055620",
"T048917",
"T055619",
"T019704",
"T055618",
"T055826",
"T055617"
]
},
"release_date": "2026-06-17T22:00:00.000+00:00",
"title": "CVE-2026-10852"
},
{
"cve": "CVE-2026-8646",
"product_status": {
"known_affected": [
"T055825",
"T055616",
"T055824",
"T055615",
"T055614",
"T055613",
"T055612",
"T055621",
"T055620",
"T048917",
"T055619",
"T019704",
"T055618",
"T055826",
"T055617"
]
},
"release_date": "2026-06-17T22:00:00.000+00:00",
"title": "CVE-2026-8646"
},
{
"cve": "CVE-2026-8858",
"product_status": {
"known_affected": [
"T055825",
"T055616",
"T055824",
"T055615",
"T055614",
"T055613",
"T055612",
"T055621",
"T055620",
"T048917",
"T055619",
"T019704",
"T055618",
"T055826",
"T055617"
]
},
"release_date": "2026-06-17T22:00:00.000+00:00",
"title": "CVE-2026-8858"
},
{
"cve": "CVE-2026-9006",
"product_status": {
"known_affected": [
"T055825",
"T055616",
"T055824",
"T055615",
"T055614",
"T055613",
"T055612",
"T055621",
"T055620",
"T048917",
"T055619",
"T019704",
"T055618",
"T055826",
"T055617"
]
},
"release_date": "2026-06-17T22:00:00.000+00:00",
"title": "CVE-2026-9006"
},
{
"cve": "CVE-2026-9071",
"product_status": {
"known_affected": [
"T055825",
"T055616",
"T055824",
"T055615",
"T055614",
"T055613",
"T055612",
"T055621",
"T055620",
"T048917",
"T055619",
"T019704",
"T055618",
"T055826",
"T055617"
]
},
"release_date": "2026-06-17T22:00:00.000+00:00",
"title": "CVE-2026-9071"
},
{
"cve": "CVE-2026-9072",
"product_status": {
"known_affected": [
"T055825",
"T055616",
"T055824",
"T055615",
"T055614",
"T055613",
"T055612",
"T055621",
"T055620",
"T048917",
"T055619",
"T019704",
"T055618",
"T055826",
"T055617"
]
},
"release_date": "2026-06-17T22:00:00.000+00:00",
"title": "CVE-2026-9072"
},
{
"cve": "CVE-2026-9320",
"product_status": {
"known_affected": [
"T055825",
"T055616",
"T055824",
"T055615",
"T055614",
"T055613",
"T055612",
"T055621",
"T055620",
"T048917",
"T055619",
"T019704",
"T055618",
"T055826",
"T055617"
]
},
"release_date": "2026-06-17T22:00:00.000+00:00",
"title": "CVE-2026-9320"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…