IBM WebSphere Application Server vulnerabilities
451 known vulnerabilities affecting ibm/websphere_application_server.
Total CVEs: 451
CISA KEV: 1 (actively exploited)
Public exploits: 13
Exploited in wild: 2
Severity breakdown
CRITICAL 53, HIGH 95, MEDIUM 263, LOW 40
Vulnerabilities
Page 1 of 23
CVE-2026-9319 | CRITICAL | CVSS 9.0 | CWE-502 | ≥ 9.0, ≤ 1.1.9.12; v8.5 | 2026-06-01
IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to potential remote code execution due to deserialization of untrusted data via JAX-WS endpoints with WS-Security.
nvd
CVE-2026-8644 | CRITICAL | CVSS 9.1 | CWE-290 | ≥ 9.0, ≤ 1.1.9.12; v8.5 | 2026-06-01
IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to identity spoofing.
nvd
CVE-2026-9311 | CRITICAL | CVSS 9.0 | CWE-94 | ≥ 9.0, ≤ 1.1.9.12; v8.5 | 2026-06-01
IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to remote code execution caused by the bypass of security controls.
nvd
CVE-2026-9330 | HIGH | CVSS 8.5 | CWE-502 | ≥ 9.0, ≤ 1.1.9.12; v8.5 | 2026-06-01
IBM WebSphere Application Server 9.0, and 8.5 is affected by an improper validation of user-supplied data during deserialization using the SAML Web Single Sign-On component. This could result in remote code execution via a crafted HTTP request when combined with a suitable gadget chain.
nvd
CVE-2026-4410 | HIGH | CVSS 7.5 | CWE-400 | ≥ 8.5.0.0, ≤ 8.5.5.29; ≥ 9.0.0.0, ≤ 9.0.5.27; +3 more | 2026-05-27
IBM WebSphere Application Server - Liberty 19.0.0.7 through 26.0.0.5 and IBM WebSphere Application Server 9.0, and 8.5 and WebSphere Application Server Liberty are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources.
nvd
CVE-2026-5516 | MEDIUM | CVSS 5.9 | CWE-362 | ≥ 22.0.0.11, ≤ 26.0.0.5 | 2026-05-27
IBM WebSphere Application Server - Liberty 22.0.0.11 through 26.0.0.5 IBM WebSphere Application Server Liberty could allow a remote attacker to bypass security under limited conditions by exploiting a specific timing window.
nvd
CVE-2026-8633 | CRITICAL | CVSS 9.8 | CWE-94 | ≥ 8.5.0.0, ≤ 8.5.5.29; ≥ 9.0.0.0, ≤ 9.0.5.27 | 2026-05-26
IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to remote code execution in the Web Server Plug-ins, through a specially crafted request.
nvd
CVE-2026-8620 | HIGH | CVSS 7.5 | CWE-444 | ≥ 8.5.0.0, < 8.5.5.30; ≥ 9.0.0.0, < 9.0.5.28 | 2026-05-26
IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to HTTP request smuggling in the Web Server Plug-ins through a specially crafted request.
nvd
CVE-2026-3621 | MEDIUM | CVSS 5.9 | CWE-269 | ≥ 17.0.0.3, < 26.0.0.5 | 2026-04-23
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.4 IBM WebSphere Application Server Liberty is vulnerable to identity spoofing under limited conditions when an application is deployed without authentication and authorization configured.
nvd
CVE-2025-14917 | CRITICAL | CVSS 9.8 | CWE-1393 | ≥ 17.0.0.3, < 26.0.0.4 | 2026-03-25
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty could provide weaker than expected security when administering security settings.
nvd
CVE-2025-14915 | HIGH | CVSS 7.2 | CWE-200 | ≥ 17.0.0.3, < 26.0.0.4 | 2026-03-25
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is affected by privilege escalation. A privileged user could gain additional access to the application server.
nvd
CVE-2026-1561 | MEDIUM | CVSS 5.4 | CWE-918 | ≥ 17.0.0.3, < 26.0.0.4 | 2026-03-25
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is vulnerable to server-side request forgery (SSRF). This may allow a remote attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
nvd
CVE-2025-14923 | CRITICAL | CVSS 9.8 | CWE-321 | ≥ 17.0.0.3, < 26.0.0.3 | 2026-03-03
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.2 IBM WebSphere Application Server Liberty could provide weaker than expected security when using the Security Utility when administering security settings.
nvd
CVE-2025-13333 | MEDIUM | CVSS 4.9 | CWE-358 | v8.5.0.0; v9.0.0.0; +2 more | 2026-02-17
IBM WebSphere Application Server 9.0, and 8.5 could provide weaker than expected security during system administration of security settings.
nvd
CVE-2025-14914 | HIGH | CVSS 7.6 | CWE-22 | ≥ 17.0.0.3, ≤ 26.0.0.1 | 2026-02-02
IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip archive containing path traversal sequences resulting in an overwrite of files leading to arbitrary code execution.
nvd
CVE-2025-12635 | MEDIUM | CVSS 5.4 | CWE-79 | ≥ 8.5, < 8.5.5.29; ≥ 9.0, < 9.0.5.27; +3 more | 2025-12-08
IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.12 are affected by cross-site scripting due to improper validation of user-supplied input. An attacker could exploit this vulnerability by using a specially crafted URL to redirect the user to a malicious site.
nvd
CVE-2025-36099 | MEDIUM | CVSS 4.9 | CWE-770 | v8.5.0.0; v9.0.0.0; +2 more | 2025-09-29
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A privileged user could exploit this vulnerability to cause the server to consume memory resources.
nvd
CVE-2025-33142 | HIGH | CVSS 7.5 | CWE-295 | ≥ 8.5.0.0, < 8.5.5.29; ≥ 9.0.0.0, < 9.0.5.25; +2 more | 2025-08-14
IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for TLS connections.
nvd
CVE-2025-36047 | HIGH | CVSS 7.5 | CWE-770 | ≥ 18.0.0.2, < 25.0.0.9 | 2025-08-14
IBM WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources.
nvd
CVE-2025-36124 | HIGH | CVSS 7.5 | CWE-268 | ≥ 17.0.0.3, < 25.0.0.9 | 2025-08-12
IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 could allow a remote attacker to bypass security restrictions caused by a failure to honor JMS messaging configuration.
nvd