Description
IBM i 7.6, 7.5, 7.4, and 7.3, IBM WebSphere Application Server, and IBM WebSphere Application Server Liberty - when using Intelligent Management with the WebSphere WebServer Plug-in component - are vulnerable to remote code execution and denial of service. This vulnerability can be exploited when an attacker impersonates backend servers and sends crafted responses to the plug-in.
Severity (CVSS)
| Base score | 8.1 |
|---|---|
| Severity | High |
| Version | CVSS 3.1 |
| Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Provided by | CNA |
Weaknesses
- CWE-94 — CWE-94 Improper Control of Generation of Code ('Code Injection')
Affected products
| Vendor | Product | Versions |
|---|---|---|
| IBM | i | 7.6.0 to <=1.8.4; 7.5.0; 7.4.0; 7.3.0 |
References
- https://www.ibm.com/support/pages/node/7277344 (vendor-advisory patch)
Generated from the official CVE List on 23 Jun 2026 10:05 UTC.