Description

IBM i 7.6, 7.5, 7.4, and 7.3, IBM WebSphere Application Server, and IBM WebSphere Application Server Liberty - when using Intelligent Management with the WebSphere WebServer Plug-in component - are vulnerable to remote code execution and denial of service. This vulnerability can be exploited when an attacker impersonates backend servers and sends crafted responses to the plug-in.

Severity (CVSS)

Base score8.1
SeverityHigh
VersionCVSS 3.1
VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Provided byCNA

Weaknesses

  • CWE-94 — CWE-94 Improper Control of Generation of Code ('Code Injection')

Affected products

VendorProductVersions
IBMi7.6.0 to <=1.8.4; 7.5.0; 7.4.0; 7.3.0

References

Authoritative sources

This page is a snapshot. For the latest enrichment and updates, view the record on CVE.org or the NVD.

Generated from the official CVE List on 23 Jun 2026 10:05 UTC.