Description

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to bypass authentication and gain unauthorized access to JAX-WS applications.

Severity (CVSS)

Base score7.3
SeverityHigh
VersionCVSS 3.1
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Provided byCISA-ADP

Weaknesses

  • CWE-287 — CWE-287 Improper Authentication

Affected products

VendorProductVersions
IBMWebSphere Application Server8.5.0 to <=7.0.2 Interim Fix 035; 9.0.0 to <=7.0.3 Interim Fix 017

References

Authoritative sources

This page is a snapshot. For the latest enrichment and updates, view the record on CVE.org or the NVD.

Generated from the official CVE List on 23 Jun 2026 10:05 UTC.