[CIVN-2026-0208] Identity Spoofing Vulnerability in IBM WebSphere Application Server Liberty

Published On: April 29, 2026



Identity Spoofing Vulnerability in IBM WebSphere Application Server Liberty


Indian – Computer Emergency Response Team (https://www.cert-in.org.in)


Severity Rating: HIGH


Software Affected


IBM WebSphere Application Server Liberty 17.0.0.3 and 26.0.0.4

Overview


A vulnerability has been reported in IBM WebSphere Application Server Liberty which could allow a remote attacker to perform identity spoofing on the targeted system.


Target Audience:

All end-users and organisations using IBM WebSphere Application Server Liberty.


Risk Assessment:

High risk of unauthorised access.


Impact Assessment:

Potential impact on the confidentiality, integrity and availability of the system, and application outages.


Description


IBM WebSphere Application Server Liberty is a lightweight, modular application server designed for developing and running Java and Jakarta EE applications, enabling efficient execution of enterprise applications.


A vulnerability exists in IBM WebSphere Application Server Liberty that leads to an identity spoofing issue when the appSecurity feature is not enabled and applications are deployed without proper authentication and authorization. This allows a remote attacker to impersonate a legitimate user and gain unauthorized access.
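An added example, not part of the CERT-In advisory or IBM's code: a configuration inventory check for the condition described above, flagging a Liberty server.xml with no appSecurity feature paired with a web.xml that declares no auth-constraint. The function names, the umbrella-feature list and the sample XML are assumptions constructed for illustration; the check reads configuration only and does not detect CVE-2026-3621 itself.

```python
import xml.etree.ElementTree as ET

# Assumption: these convenience features pull in appSecurity transitively.
UMBRELLA = {"webprofile", "javaee", "jakartaee"}

def _local(tag):
    """Strip an XML namespace: '{ns}web-app' -> 'web-app'."""
    return tag.rsplit("}", 1)[-1]

def feature_bases(server_xml):
    """Base names (version stripped, lower-cased) of enabled features."""
    root = ET.fromstring(server_xml)
    return {f.text.strip().lower().split("-")[0]
            for fm in root.iter("featureManager")
            for f in fm.iter("feature") if f.text and f.text.strip()}

def app_security_state(server_xml):
    """'explicit', 'umbrella' (confirm on the server) or 'absent'."""
    bases = feature_bases(server_xml)
    if "appsecurity" in bases:
        return "explicit"
    return "umbrella" if bases & UMBRELLA else "absent"

def declares_access_control(web_xml):
    """True if web.xml has a security-constraint with an auth-constraint."""
    for el in ET.fromstring(web_xml).iter():
        if _local(el.tag) == "security-constraint" and any(
                _local(child.tag) == "auth-constraint" for child in el):
            return True
    return False

def matches_advisory_condition(server_xml, web_xml):
    """Both parts of the condition in the Description hold."""
    return (app_security_state(server_xml) == "absent"
            and not declares_access_control(web_xml))

# Constructed sample inputs, not taken from any real deployment.
SERVER_BARE = ("<server><featureManager><feature>servlet-4.0</feature>"
               "<feature>jsp-2.3</feature></featureManager></server>")
SERVER_SECURED = SERVER_BARE.replace(
    "</featureManager>", "<feature>appSecurity-3.0</feature></featureManager>")
WEB_OPEN = ('<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">'
            "<servlet><servlet-name>app</servlet-name></servlet></web-app>")
WEB_GUARDED = WEB_OPEN.replace("</web-app>", (
    "<security-constraint><web-resource-collection>"
    "<url-pattern>/*</url-pattern></web-resource-collection>"
    "<auth-constraint><role-name>user</role-name></auth-constraint>"
    "</security-constraint></web-app>"))
```

Features enabled through included configuration files or configDropins, and access control declared through annotations rather than web.xml, are not seen by this check, so an "absent" result should be confirmed against the running server.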


Solution


Apply appropriate updates as mentioned on IBM's portal:

https://www.ibm.com/support/pages/node/7270437


Vendor Information

IBM

https://www.ibm.com/mysupport/s/?language=en_US


References


https://www.ibm.com/support/pages/node/7270437


CVE Name


CVE-2026-3621






Thanks and Regards,

CERT-In


Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax: 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS


Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003
