9.8

CVE-2026-8633

Medienbericht

IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by multiple vulnerabilities when using when using Web Server Plug-ins

IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to remote code execution in the Web Server Plug-ins, through a specially crafted request.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmWebsphere Application Server SwEdition- Version >= 8.5.0.0 <= 8.5.5.29
IbmWebsphere Application Server SwEditionliberty Version >= 8.5.0.0 <= 8.5.5.29
IbmWebsphere Application Server SwEdition- Version >= 9.0.0.0 <= 9.0.5.27
IbmWebsphere Application Server SwEditionliberty Version >= 9.0.0.0 <= 9.0.5.27
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.85% 0.533
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
psirt@us.ibm.com 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
08.06.2026 16:25
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
05.06.2026 12:46
https://www.ibm.com/support/pages/node/7274072
Vendor Advisory