
[CIVN-2026-0346] Multiple Vulnerabilities in IBM WebSphere Application Server
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Software Affected
IBM WebSphere Application Server versions 9.0
IBM WebSphere Application Server versions 8.5
IBM WebSphere Application Server – Liberty versions 17.0.0.3 – 26.0.0.6
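An inventory triage against the ranges listed above, as an added example that is not part of the CERT-In advisory or of IBM's tooling. The "host,product,version" row format, the product labels liberty and traditional, and the sample hosts are assumptions; a row outside the listed ranges is reported only as not listed, since this advisory does not state fixed versions.

```python
import re

# Ranges copied from "Software Affected" in this advisory.
LIBERTY_RANGE = ((17, 0, 0, 3), (26, 0, 0, 6))
TRADITIONAL_FAMILIES = {(9, 0), (8, 5)}
VERSION_RE = re.compile(r"\d+(\.\d+){1,3}")

def parse_version(text):
    """'24.0.0.12' -> (24, 0, 0, 12), padded to four fields; None if malformed."""
    text = text.strip()
    if not VERSION_RE.fullmatch(text):
        return None
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def is_affected(product, version):
    """True/False per the advisory's ranges; None when the row cannot be judged."""
    v = parse_version(version)
    kind = product.strip().lower()  # assumed labels: "liberty" or "traditional"
    if v is None or kind not in ("liberty", "traditional"):
        return None
    if kind == "liberty":
        # Tuple compare is numeric: 24.0.0.12 sorts after 24.0.0.6; a string compare would not.
        return LIBERTY_RANGE[0] <= v <= LIBERTY_RANGE[1]
    return v[:2] in TRADITIONAL_FAMILIES

def triage(inventory_text):
    """Sort 'host,product,version' rows into affected / not_listed / review."""
    buckets = {"affected": [], "not_listed": [], "review": []}
    for line in inventory_text.strip().splitlines():
        fields = [f.strip() for f in line.split(",")]
        # Rows without exactly three fields go to manual review.
        verdict = is_affected(*fields[1:]) if len(fields) == 3 else None
        key = "review" if verdict is None else "affected" if verdict else "not_listed"
        buckets[key].append(fields[0])
    return buckets

# Constructed sample inventory; hostnames and versions are made up.
SAMPLE = """
app01,liberty,24.0.0.12
app02,liberty,17.0.0.2
app03,traditional,9.0.5.17
app04,traditional,8.5.5.24
app05,liberty,26.0.0.7
app06,liberty,unknown
"""

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE).items():
        print(f"{bucket}: {', '.join(hosts)}")
```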
Overview
Multiple vulnerabilities have been reported in IBM WebSphere Application Server which could allow an attacker to execute arbitrary code, conduct cross-site scripting attacks or manipulate HTTP requests.
Target Audience:
Organizations using IBM WebSphere Application Server and WebSphere Liberty products.
Risk Assessment:
High risk of remote code execution, cross-site scripting, unauthorized access, and compromise of sensitive information.
Impact Assessment:
Potential impact on the confidentiality, integrity, and availability of affected systems and data.
Description
IBM WebSphere Application Server and WebSphere Liberty are enterprise Java application server platforms used to host, manage, and run business-critical web applications and services.
These vulnerabilities exist in IBM WebSphere Application Server and WebSphere Liberty products due to improper input validation or insecure handling of HTTP requests and administrative functions. A remote attacker could exploit these vulnerabilities by sending specially crafted requests to the target system.
Successful exploitation could result in remote code execution, cross-site scripting attacks, unauthorized access, data compromise, and service disruption.
Solution
Apply appropriate updates as mentioned by the vendor:
https://www.ibm.com/support/pages/node/7277544
https://www.ibm.com/support/pages/node/7277546
https://www.ibm.com/support/pages/node/7277550
Vendor Information
IBM
https://www.ibm.com/support/pages/node/7277544
https://www.ibm.com/support/pages/node/7277546
https://www.ibm.com/support/pages/node/7277550
References
https://www.ibm.com/support/pages/node/7277544
https://www.ibm.com/support/pages/node/7277546
https://www.ibm.com/support/pages/node/7277550
CVE Name
CVE-2026-11536
CVE-2026-11594
CVE-2026-11707
CVE-2026-11383
CVE-2026-11541
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax: 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003


