CVE-2026-9006 (GCVE-0-2026-9006)
Vulnerability from cvelistv5 – Published: 2026-06-22 14:46 – Updated: 2026-06-24 03:56
CWE-918 - Server-Side Request Forgery (SSRF)
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7276600 | vendor-advisory, patch |
| Vendor | Product | Version |
|---|---|---|
| IBM | WebSphere Application Server | Affected: 9.0, ≤ 7.0.2 Interim Fix 035 (semver) |
| IBM | WebSphere Application Server | Affected: 8.5.0, ≤ 7.0.3 Interim Fix 017 (semver) |

CPEs:
cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:9.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.5.0:*:*:*:*:*:*:*
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-9006",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-23T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-24T03:56:08.241Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:websphere_application_server:9.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:websphere_application_server:8.5.0:*:*:*:*:*:*:*"
],
"product": "WebSphere Application Server",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.0.2 Interim Fix 035",
"status": "affected",
"version": "9.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.3 Interim Fix 017",
"status": "affected",
"version": "8.5.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM WebSphere Application Server 9.0, and 8.5 is vulnerable to server-side request forgery (SSRF) with the Ajax Proxy configured. This may allow an attacker to send unauthorized requests from the system, resulting in a security bypass or information disclosure.\u003c/p\u003e"
}
],
"value": "IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to server-side request forgery (SSRF) with the Ajax Proxy configured. This may allow an attacker to send unauthorized requests from the system, resulting in a security bypass or information disclosure."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-22T14:46:47.768Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7276600"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH71556.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor IBM WebSphere Application Server traditional:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor V9.0.0.0 through 9.0.5.28:\u003c/strong\u003e\u003cbr\u003e\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves \u003ca href=\"https://www.ibm.com/support/pages/node/7276400\" rel=\"nofollow\"\u003ePH71556\u003c/a\u003e\u003cbr\u003e--OR--\u003cbr\u003e\u00b7 Apply Fix Pack 9.0.5.29 or later (targeted availability 3Q2026).\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor V8.5.0.0 through 8.5.5.29:\u003c/strong\u003e\u003cbr\u003e\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves \u003ca href=\"https://www.ibm.com/support/pages/node/7276400\" rel=\"nofollow\"\u003ePH71556\u003c/a\u003e\u003cbr\u003e--OR--\u003cbr\u003e\u00b7 Apply Fix Pack 8.5.5.30 or later (targeted availability 3Q2026).\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eAdditional interim fixes may be available and linked off the interim fix download page.\u003c/p\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH71556.\n\n\n\nFor IBM WebSphere Application Server traditional:\n\n\n\nFor V9.0.0.0 through 9.0.5.28:\n\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves PH71556 https://www.ibm.com/support/pages/node/7276400 \n--OR--\n\u00b7 Apply Fix Pack 9.0.5.29 or later (targeted availability 3Q2026).\u00a0\n\n\n\nFor V8.5.0.0 through 8.5.5.29:\n\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves PH71556 https://www.ibm.com/support/pages/node/7276400 \n--OR--\n\u00b7 Apply Fix Pack 8.5.5.30 or later (targeted availability 3Q2026).\u00a0\n\n\n\n\n\n\n\nAdditional interim fixes may be available and linked off the interim fix download page."
}
],
"title": "IBM WebSphere Application Server is affected by server-side request forgery",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2026-9006",
"datePublished": "2026-06-22T14:46:47.768Z",
"dateReserved": "2026-05-19T13:59:27.241Z",
"dateUpdated": "2026-06-24T03:56:08.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-9006",
"date": "2026-06-27",
"epss": "0.00221",
"percentile": "0.12633"
},
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-9006\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-06-23T13:40:29.936745Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-06-23T13:40:41.617Z\"}}], \"cna\": {\"title\": \"IBM WebSphere Application Server is affected by server-side request forgery\", \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.4, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:websphere_application_server:9.0.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:websphere_application_server:8.5.0:*:*:*:*:*:*:*\"], \"vendor\": \"IBM\", \"product\": \"WebSphere Application Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"9.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.0.2 Interim Fix 035\"}, {\"status\": \"affected\", \"version\": \"8.5.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.0.3 Interim Fix 017\"}]}], \"solutions\": [{\"lang\": \"en\", \"value\": \"IBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH71556.\\n\\n\\n\\nFor IBM 
WebSphere Application Server traditional:\\n\\n\\n\\nFor V9.0.0.0 through 9.0.5.28:\\n\\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves PH71556 https://www.ibm.com/support/pages/node/7276400 \\n--OR--\\n\\u00b7 Apply Fix Pack 9.0.5.29 or later (targeted availability 3Q2026).\\u00a0\\n\\n\\n\\nFor V8.5.0.0 through 8.5.5.29:\\n\\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves PH71556 https://www.ibm.com/support/pages/node/7276400 \\n--OR--\\n\\u00b7 Apply Fix Pack 8.5.5.30 or later (targeted availability 3Q2026).\\u00a0\\n\\n\\n\\n\\n\\n\\n\\nAdditional interim fixes may be available and linked off the interim fix download page.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eIBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH71556.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor IBM WebSphere Application Server traditional:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor V9.0.0.0 through 9.0.5.28:\u003c/strong\u003e\u003cbr\u003e\\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves \u003ca href=\\\"https://www.ibm.com/support/pages/node/7276400\\\" rel=\\\"nofollow\\\"\u003ePH71556\u003c/a\u003e\u003cbr\u003e--OR--\u003cbr\u003e\\u00b7 Apply Fix Pack 9.0.5.29 or later (targeted availability 3Q2026).\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor V8.5.0.0 through 8.5.5.29:\u003c/strong\u003e\u003cbr\u003e\\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves \u003ca href=\\\"https://www.ibm.com/support/pages/node/7276400\\\" rel=\\\"nofollow\\\"\u003ePH71556\u003c/a\u003e\u003cbr\u003e--OR--\u003cbr\u003e\\u00b7 Apply Fix Pack 8.5.5.30 or later 
(targeted availability 3Q2026).\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eAdditional interim fixes may be available and linked off the interim fix download page.\u003c/p\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://www.ibm.com/support/pages/node/7276600\", \"tags\": [\"vendor-advisory\", \"patch\"]}], \"x_generator\": {\"engine\": \"ibm-cvegen\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to server-side request forgery (SSRF) with the Ajax Proxy configured. This may allow an attacker to send unauthorized requests from the system, resulting in a security bypass or information disclosure.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eIBM WebSphere Application Server 9.0, and 8.5 is vulnerable to server-side request forgery (SSRF) with the Ajax Proxy configured. This may allow an attacker to send unauthorized requests from the system, resulting in a security bypass or information disclosure.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-918\", \"description\": \"CWE-918 Server-Side Request Forgery (SSRF)\"}]}], \"providerMetadata\": {\"orgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"shortName\": \"ibm\", \"dateUpdated\": \"2026-06-22T14:46:47.768Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-9006\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-24T03:56:08.241Z\", \"dateReserved\": \"2026-05-19T13:59:27.241Z\", \"assignerOrgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"datePublished\": \"2026-06-22T14:46:47.768Z\", \"assignerShortName\": \"ibm\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
CERTFR-2026-AVI-0788
Vulnerability from certfr_avis - Published: 2026-06-19 - Updated: 2026-06-19
Multiple vulnerabilities have been discovered in IBM products. Some of them allow an attacker to cause remote arbitrary code execution, privilege escalation and remote denial of service.
Solutions
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| IBM | N/A | WebSphere Service Registry and Repository versions 8.5 without the latest security patches |
| IBM | N/A | WebSphere Application Server versions 8.5.0 without the latest security patches |
| IBM | N/A | IBM QRadar SIEM versions 7.5.0 earlier than 7.5.0 UP15 IF04 |
| IBM | N/A | WebSphere Application Server - Liberty versions 17.x to 26.x without the latest security patches |
| IBM | N/A | DB2 Query Management Facility versions 12.2.0.5 without the latest security patches |
| IBM | N/A | Tivoli Composite Application Manager for Applications WebSphere MQ Monitoring Agent versions 7.3.0 Fix Pack 4 without the latest security patches |
| IBM | N/A | Security QRadar Log Management AQL Plugin versions 1.x earlier than 1.1.6 |
| IBM | N/A | Sterling Connect:Direct Web Services versions 6.3.0 earlier than 6.3.0.19 |
| IBM | N/A | Sterling Connect:Direct Web Services versions 6.4.0 earlier than 6.4.0.8 |
| IBM | N/A | Sterling B2B Integrator and IBM Sterling File Gateway versions 6.2.1 earlier than 6.2.1.2 |
| IBM | N/A | DB2 Query Management Facility versions 13.1.x without the latest security patches |
| IBM | N/A | WebSphere Application Server versions 9.0.0 to 9.0.5.28 without the latest security patches |
| IBM | N/A | Sterling Connect:Direct File Agent versions 1.4.0.3 to 1.4.0.5_iFi011 for AIX, Linux x64, Linux PPC and Windows without security fix 1.4.0.5_iFix012 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "WebSphere Service Registry and Repository versions 8.5 sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server versions 8.5.0 sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM versions 7.5.0 ant\u00e9rieures \u00e0 7.5.0 UP15 IF04",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server - Liberty versions 17.x \u00e0 26.x sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Query Management Facility versions 12.2.0.5 sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Tivoli Composite Application Manager for Applications WebSphere MQ Monitoring Agent versions 7.3.0 Fix Pack 4 sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Security QRadar Log Management AQL Plugin versions 1.x ant\u00e9rieures \u00e0 1.1.6",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct Web Services versions 6.3.0 ant\u00e9rieures \u00e0 6.3.0.19",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct Web Services versions 6.4.0 ant\u00e9rieures \u00e0 6.4.0.8",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling B2B Integrator et IBM Sterling File Gateway versions 6.2.1 ant\u00e9rieures \u00e0 6.2.1.2",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Query Management Facility versions 13.1.x sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server versions 9.0.0 \u00e0 9.0.5.28 sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct File Agent versions 1.4.0.3 \u00e0 1.4.0.5_iFi011 pour AIX, Linux x64, Linux PPC et Windows sans le correctif de s\u00e9curit\u00e9 1.4.0.5_iFix012",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-6474",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6474"
},
{
"name": "CVE-2026-44289",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44289"
},
{
"name": "CVE-2026-6472",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6472"
},
{
"name": "CVE-2025-14087",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14087"
},
{
"name": "CVE-2025-41234",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41234"
},
{
"name": "CVE-2026-6479",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6479"
},
{
"name": "CVE-2026-44293",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44293"
},
{
"name": "CVE-2026-44290",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44290"
},
{
"name": "CVE-2026-40355",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40355"
},
{
"name": "CVE-2026-41239",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41239"
},
{
"name": "CVE-2026-41305",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41305"
},
{
"name": "CVE-2026-33814",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33814"
},
{
"name": "CVE-2026-45740",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45740"
},
{
"name": "CVE-2026-43284",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43284"
},
{
"name": "CVE-2026-39824",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39824"
},
{
"name": "CVE-2026-40977",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40977"
},
{
"name": "CVE-2026-22013",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22013"
},
{
"name": "CVE-2026-32635",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32635"
},
{
"name": "CVE-2026-22018",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22018"
},
{
"name": "CVE-2026-41988",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41988"
},
{
"name": "CVE-2024-7246",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7246"
},
{
"name": "CVE-2026-6637",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6637"
},
{
"name": "CVE-2026-41242",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41242"
},
{
"name": "CVE-2025-41248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41248"
},
{
"name": "CVE-2026-34282",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34282"
},
{
"name": "CVE-2026-6473",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6473"
},
{
"name": "CVE-2026-39821",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39821"
},
{
"name": "CVE-2025-14512",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14512"
},
{
"name": "CVE-2026-5758",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5758"
},
{
"name": "CVE-2026-27136",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27136"
},
{
"name": "CVE-2025-22233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22233"
},
{
"name": "CVE-2024-38820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38820"
},
{
"name": "CVE-2026-23865",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23865"
},
{
"name": "CVE-2026-40356",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40356"
},
{
"name": "CVE-2026-33671",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33671"
},
{
"name": "CVE-2026-5598",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5598"
},
{
"name": "CVE-2026-33750",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33750"
},
{
"name": "CVE-2026-44288",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44288"
},
{
"name": "CVE-2026-8646",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8646"
},
{
"name": "CVE-2026-6918",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6918"
},
{
"name": "CVE-2025-52999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
},
{
"name": "CVE-2026-6638",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6638"
},
{
"name": "CVE-2026-9320",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9320"
},
{
"name": "CVE-2026-40975",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40975"
},
{
"name": "CVE-2026-41240",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41240"
},
{
"name": "CVE-2026-42506",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42506"
},
{
"name": "CVE-2026-27903",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27903"
},
{
"name": "CVE-2025-41235",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41235"
},
{
"name": "CVE-2026-46300",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-46300"
},
{
"name": "CVE-2026-25680",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25680"
},
{
"name": "CVE-2026-6478",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6478"
},
{
"name": "CVE-2026-10845",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-10845"
},
{
"name": "CVE-2026-6475",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6475"
},
{
"name": "CVE-2026-22016",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22016"
},
{
"name": "CVE-2026-22021",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22021"
},
{
"name": "CVE-2026-22007",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22007"
},
{
"name": "CVE-2026-34268",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34268"
},
{
"name": "CVE-2026-44291",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44291"
},
{
"name": "CVE-2026-42583",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42583"
},
{
"name": "CVE-2026-41680",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41680"
},
{
"name": "CVE-2026-44292",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44292"
},
{
"name": "CVE-2026-29181",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29181"
},
{
"name": "CVE-2026-6477",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6477"
},
{
"name": "CVE-2026-42502",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42502"
},
{
"name": "CVE-2026-33672",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33672"
},
{
"name": "CVE-2026-8723",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8723"
},
{
"name": "CVE-2026-25681",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25681"
},
{
"name": "CVE-2026-40973",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40973"
},
{
"name": "CVE-2026-46333",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-46333"
},
{
"name": "CVE-2026-41035",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41035"
},
{
"name": "CVE-2025-22235",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22235"
},
{
"name": "CVE-2026-9330",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9330"
},
{
"name": "CVE-2025-41249",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41249"
},
{
"name": "CVE-2026-9311",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9311"
},
{
"name": "CVE-2026-26996",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26996"
},
{
"name": "CVE-2025-64756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64756"
},
{
"name": "CVE-2026-41238",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41238"
},
{
"name": "CVE-2026-9071",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9071"
},
{
"name": "CVE-2026-9006",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9006"
},
{
"name": "CVE-2025-41242",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41242"
},
{
"name": "CVE-2026-44294",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44294"
},
{
"name": "CVE-2026-22008",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22008"
},
{
"name": "CVE-2025-14813",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14813"
},
{
"name": "CVE-2026-41907",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41907"
},
{
"name": "CVE-2026-27904",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27904"
}
],
"initial_release_date": "2026-06-19T00:00:00",
"last_revision_date": "2026-06-19T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0788",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-06-19T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Injection SQL (SQLi)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2026-06-15",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7276427",
"url": "https://www.ibm.com/support/pages/node/7276427"
},
{
"published_at": "2026-06-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7276831",
"url": "https://www.ibm.com/support/pages/node/7276831"
},
{
"published_at": "2026-06-15",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7276430",
"url": "https://www.ibm.com/support/pages/node/7276430"
},
{
"published_at": "2026-06-15",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7276432",
"url": "https://www.ibm.com/support/pages/node/7276432"
},
{
"published_at": "2026-06-15",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7276433",
"url": "https://www.ibm.com/support/pages/node/7276433"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7276620",
"url": "https://www.ibm.com/support/pages/node/7276620"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7276616",
"url": "https://www.ibm.com/support/pages/node/7276616"
},
{
"published_at": "2026-06-15",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7276425",
"url": "https://www.ibm.com/support/pages/node/7276425"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7276597",
"url": "https://www.ibm.com/support/pages/node/7276597"
},
{
"published_at": "2026-06-15",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7276428",
"url": "https://www.ibm.com/support/pages/node/7276428"
},
{
"published_at": "2026-06-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7276761",
"url": "https://www.ibm.com/support/pages/node/7276761"
},
{
"published_at": "2026-06-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7276816",
"url": "https://www.ibm.com/support/pages/node/7276816"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7276589",
"url": "https://www.ibm.com/support/pages/node/7276589"
},
{
"published_at": "2026-06-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7276832",
"url": "https://www.ibm.com/support/pages/node/7276832"
},
{
"published_at": "2026-06-12",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7276187",
"url": "https://www.ibm.com/support/pages/node/7276187"
},
{
"published_at": "2026-06-15",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7276426",
"url": "https://www.ibm.com/support/pages/node/7276426"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7276579",
"url": "https://www.ibm.com/support/pages/node/7276579"
},
{
"published_at": "2026-06-15",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7276303",
"url": "https://www.ibm.com/support/pages/node/7276303"
},
{
"published_at": "2026-06-12",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7276193",
"url": "https://www.ibm.com/support/pages/node/7276193"
},
{
"published_at": "2026-06-18",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7276939",
"url": "https://www.ibm.com/support/pages/node/7276939"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7276600",
"url": "https://www.ibm.com/support/pages/node/7276600"
},
{
"published_at": "2026-06-12",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7276189",
"url": "https://www.ibm.com/support/pages/node/7276189"
},
{
"published_at": "2026-06-15",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7276429",
"url": "https://www.ibm.com/support/pages/node/7276429"
},
{
"published_at": "2026-06-15",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7276392",
"url": "https://www.ibm.com/support/pages/node/7276392"
},
{
"published_at": "2026-06-12",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7276185",
"url": "https://www.ibm.com/support/pages/node/7276185"
}
]
}
CERTFR-2026-AVI-0810
Vulnerability from certfr_avis - Published: 2026-06-26 - Updated: 2026-06-26
Multiple vulnerabilities have been discovered in IBM products. Some of them allow an attacker to cause remote arbitrary code execution, privilege escalation and remote denial of service.
Solutions
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| IBM | Sterling Partner Engagement Manager Essentials Edition | Sterling Partner Engagement Manager versions 6.2.3.x earlier than 6.2.3.6 |
| IBM | Sterling | Sterling Secure Proxy versions 6.1.0.x earlier than 6.1.0.4 iFix01 |
| IBM | N/A | WebSphere Application Server without the latest security patch |
| IBM | Sterling | Sterling Order Management without the latest security patch |
| IBM | N/A | WebSphere Remote Server versions 9.0.x earlier than 9.0.5.29 |
| IBM | QRadar | QRadar DNS Analyzer App versions earlier than 2.0.5 |
| IBM | N/A | WebSphere Liberty Operator versions earlier than 1.6.2 |
| IBM | Cloud Pak System | Cloud Pak System versions earlier than 2.3.5.1 |
| IBM | N/A | WebSphere Remote Server versions 8.5.x earlier than 8.5.5.30 |
| IBM | Sterling | Sterling External Authentication Server versions 6.1.1.x earlier than 6.1.1.3 iFix01 |
| IBM | Sterling | Sterling Connect:Direct for Microsoft Windows versions 6.4.0.x earlier than 6.4.0.4_iFix035 |
| IBM | Db2 | Db2 versions V11.5 and V12.1 without the latest security patch |
| IBM | Sterling | Sterling Connect:Direct for Microsoft Windows versions 6.3.0.x earlier than 6.3.0.6_iFix062 |
| IBM | N/A | WebSphere eXtreme Scale versions 8.6.x earlier than 8.6.1 without the PH71616 iFix |
| IBM | Sterling | Sterling Secure Proxy versions 6.2.1.x earlier than 6.2.1.2 iFix02 |
| IBM | Sterling Partner Engagement Manager Essentials Edition | Sterling Partner Engagement Manager versions 6.2.4.x earlier than 6.2.4.4 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Sterling Partner Engagement Manager versions 6.2.3.x ant\u00e9rieures \u00e0 6.2.3.6",
"product": {
"name": "Sterling Partner Engagement Manager Essentials Edition",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Secure Proxy versions 6.1.0.x ant\u00e9rieures \u00e0 6.1.0.4 iFix01",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Order Management sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Remote Server versions 9.0.x ant\u00e9rieures \u00e0 9.0.5.29",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar DNS Analyzer App versions ant\u00e9rieures \u00e0 2.0.5",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Liberty Operator versions ant\u00e9rieures \u00e0 1.6.2",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cloud Pak System versions ant\u00e9rieures \u00e0 2.3.5.1",
"product": {
"name": "Cloud Pak System",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Remote Server versions 8.5.x ant\u00e9rieures \u00e0 8.5.5.30",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling External Authentication Server versions 6.1.1.x ant\u00e9rieures \u00e0 6.1.1.3 iFix01",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct for Microsoft Windows versions 6.4.0.x ant\u00e9rieures \u00e0 6.4.0.4_iFix035",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 versions V11.5 et V12.1 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct for Microsoft Windows versions 6.3.0.x ant\u00e9rieures \u00e0 6.3.0.6_iFix062",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere eXtreme Scale versions 8.6.x ant\u00e9rieures \u00e0 8.6.1 sans le correctif PH71616 iFix",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Secure Proxy versions 6.2.1.x ant\u00e9rieures \u00e0 6.2.1.2 iFix02",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Partner Engagement Manager versions 6.2.4.x ant\u00e9rieures \u00e0 6.2.4.4",
"product": {
"name": "Sterling Partner Engagement Manager Essentials Edition",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-5588",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5588"
},
{
"name": "CVE-2025-36353",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36353"
},
{
"name": "CVE-2025-66199",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66199"
},
{
"name": "CVE-2026-33871",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33871"
},
{
"name": "CVE-2025-2534",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2534"
},
{
"name": "CVE-2026-11383",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-11383"
},
{
"name": "CVE-2026-42041",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42041"
},
{
"name": "CVE-2025-13867",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13867"
},
{
"name": "CVE-2026-42402",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42402"
},
{
"name": "CVE-2025-2668",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2668"
},
{
"name": "CVE-2025-36427",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36427"
},
{
"name": "CVE-2025-15469",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15469"
},
{
"name": "CVE-2025-36131",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36131"
},
{
"name": "CVE-2025-12084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12084"
},
{
"name": "CVE-2024-47118",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47118"
},
{
"name": "CVE-2025-36098",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36098"
},
{
"name": "CVE-2025-69419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69419"
},
{
"name": "CVE-2026-33814",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33814"
},
{
"name": "CVE-2025-36184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36184"
},
{
"name": "CVE-2026-1605",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1605"
},
{
"name": "CVE-2026-22013",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22013"
},
{
"name": "CVE-2026-22018",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22018"
},
{
"name": "CVE-2026-42580",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42580"
},
{
"name": "CVE-2025-36247",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36247"
},
{
"name": "CVE-2025-36009",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36009"
},
{
"name": "CVE-2025-7962",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7962"
},
{
"name": "CVE-2025-15467",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15467"
},
{
"name": "CVE-2026-33870",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33870"
},
{
"name": "CVE-2025-36070",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36070"
},
{
"name": "CVE-2026-0994",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0994"
},
{
"name": "CVE-2025-36428",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36428"
},
{
"name": "CVE-2025-41248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41248"
},
{
"name": "CVE-2026-42585",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42585"
},
{
"name": "CVE-2026-11541",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-11541"
},
{
"name": "CVE-2026-34282",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34282"
},
{
"name": "CVE-2026-11707",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-11707"
},
{
"name": "CVE-2025-36387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36387"
},
{
"name": "CVE-2026-42036",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42036"
},
{
"name": "CVE-2026-39821",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39821"
},
{
"name": "CVE-2025-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
},
{
"name": "CVE-2026-11594",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-11594"
},
{
"name": "CVE-2026-42403",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42403"
},
{
"name": "CVE-2026-22795",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22795"
},
{
"name": "CVE-2026-10109",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-10109"
},
{
"name": "CVE-2026-27136",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27136"
},
{
"name": "CVE-2023-47038",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47038"
},
{
"name": "CVE-2025-62718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62718"
},
{
"name": "CVE-2025-36136",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36136"
},
{
"name": "CVE-2026-42584",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42584"
},
{
"name": "CVE-2025-36008",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36008"
},
{
"name": "CVE-2026-23865",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23865"
},
{
"name": "CVE-2026-5598",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5598"
},
{
"name": "CVE-2026-42033",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42033"
},
{
"name": "CVE-2026-42035",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42035"
},
{
"name": "CVE-2026-11536",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-11536"
},
{
"name": "CVE-2025-69421",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69421"
},
{
"name": "CVE-2026-34478",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34478"
},
{
"name": "CVE-2026-42043",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42043"
},
{
"name": "CVE-2025-11143",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11143"
},
{
"name": "CVE-2025-36006",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36006"
},
{
"name": "CVE-2026-6918",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6918"
},
{
"name": "CVE-2026-34480",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34480"
},
{
"name": "CVE-2026-40175",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40175"
},
{
"name": "CVE-2026-5795",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5795"
},
{
"name": "CVE-2025-68161",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68161"
},
{
"name": "CVE-2025-33012",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33012"
},
{
"name": "CVE-2026-42506",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42506"
},
{
"name": "CVE-2026-34479",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34479"
},
{
"name": "CVE-2026-22796",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22796"
},
{
"name": "CVE-2026-42040",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42040"
},
{
"name": "CVE-2026-1188",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1188"
},
{
"name": "CVE-2026-25680",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25680"
},
{
"name": "CVE-2025-55163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
},
{
"name": "CVE-2022-24729",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24729"
},
{
"name": "CVE-2025-36425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36425"
},
{
"name": "CVE-2026-10845",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-10845"
},
{
"name": "CVE-2025-12635",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12635"
},
{
"name": "CVE-2026-42404",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42404"
},
{
"name": "CVE-2026-40895",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40895"
},
{
"name": "CVE-2026-22016",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22016"
},
{
"name": "CVE-2026-22021",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22021"
},
{
"name": "CVE-2026-22007",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22007"
},
{
"name": "CVE-2025-68160",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68160"
},
{
"name": "CVE-2026-34268",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34268"
},
{
"name": "CVE-2025-67735",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67735"
},
{
"name": "CVE-2024-29371",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29371"
},
{
"name": "CVE-2026-42038",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42038"
},
{
"name": "CVE-2026-42583",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42583"
},
{
"name": "CVE-2026-2332",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2332"
},
{
"name": "CVE-2025-36001",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36001"
},
{
"name": "CVE-2026-42039",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42039"
},
{
"name": "CVE-2025-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
},
{
"name": "CVE-2026-8149",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8149"
},
{
"name": "CVE-2026-42502",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42502"
},
{
"name": "CVE-2026-42581",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42581"
},
{
"name": "CVE-2025-40909",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40909"
},
{
"name": "CVE-2025-36365",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36365"
},
{
"name": "CVE-2026-25681",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25681"
},
{
"name": "CVE-2025-69418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69418"
},
{
"name": "CVE-2025-15468",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15468"
},
{
"name": "CVE-2025-36442",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36442"
},
{
"name": "CVE-2026-42044",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42044"
},
{
"name": "CVE-2026-42034",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42034"
},
{
"name": "CVE-2026-42587",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42587"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2024-47072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47072"
},
{
"name": "CVE-2025-11187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11187"
},
{
"name": "CVE-2025-41249",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41249"
},
{
"name": "CVE-2025-36366",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36366"
},
{
"name": "CVE-2025-36123",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36123"
},
{
"name": "CVE-2026-42264",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42264"
},
{
"name": "CVE-2026-0636",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0636"
},
{
"name": "CVE-2026-42037",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42037"
},
{
"name": "CVE-2026-42042",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42042"
},
{
"name": "CVE-2026-9006",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9006"
},
{
"name": "CVE-2025-33134",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33134"
},
{
"name": "CVE-2026-11806",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-11806"
},
{
"name": "CVE-2026-34477",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34477"
},
{
"name": "CVE-2025-46392",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46392"
},
{
"name": "CVE-2025-36407",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36407"
},
{
"name": "CVE-2026-22008",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22008"
},
{
"name": "CVE-2025-14813",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14813"
},
{
"name": "CVE-2025-69420",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69420"
}
],
"initial_release_date": "2026-06-26T00:00:00",
"last_revision_date": "2026-06-26T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0810",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-06-26T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2026-06-24",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7277716",
"url": "https://www.ibm.com/support/pages/node/7277716"
},
{
"published_at": "2026-06-24",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7277692",
"url": "https://www.ibm.com/support/pages/node/7277692"
},
{
"published_at": "2026-06-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7277418",
"url": "https://www.ibm.com/support/pages/node/7277418"
},
{
"published_at": "2026-06-25",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7275595",
"url": "https://www.ibm.com/support/pages/node/7275595"
},
{
"published_at": "2026-06-25",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7277973",
"url": "https://www.ibm.com/support/pages/node/7277973"
},
{
"published_at": "2026-06-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7277546",
"url": "https://www.ibm.com/support/pages/node/7277546"
},
{
"published_at": "2026-06-24",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7277694",
"url": "https://www.ibm.com/support/pages/node/7277694"
},
{
"published_at": "2026-06-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7277531",
"url": "https://www.ibm.com/support/pages/node/7277531"
},
{
"published_at": "2026-06-24",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7277693",
"url": "https://www.ibm.com/support/pages/node/7277693"
},
{
"published_at": "2026-06-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7277544",
"url": "https://www.ibm.com/support/pages/node/7277544"
},
{
"published_at": "2026-06-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7277550",
"url": "https://www.ibm.com/support/pages/node/7277550"
},
{
"published_at": "2026-06-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7277424",
"url": "https://www.ibm.com/support/pages/node/7277424"
},
{
"published_at": "2026-06-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7277420",
"url": "https://www.ibm.com/support/pages/node/7277420"
},
{
"published_at": "2026-06-24",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7277742",
"url": "https://www.ibm.com/support/pages/node/7277742"
},
{
"published_at": "2026-06-22",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7277387",
"url": "https://www.ibm.com/support/pages/node/7277387"
},
{
"published_at": "2026-06-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7277556",
"url": "https://www.ibm.com/support/pages/node/7277556"
},
{
"published_at": "2026-06-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7277555",
"url": "https://www.ibm.com/support/pages/node/7277555"
},
{
"published_at": "2026-06-26",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7278112",
"url": "https://www.ibm.com/support/pages/node/7278112"
},
{
"published_at": "2026-06-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7277422",
"url": "https://www.ibm.com/support/pages/node/7277422"
},
{
"published_at": "2026-06-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7277536",
"url": "https://www.ibm.com/support/pages/node/7277536"
},
{
"published_at": "2026-06-24",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7277767",
"url": "https://www.ibm.com/support/pages/node/7277767"
},
{
"published_at": "2026-06-26",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7278103",
"url": "https://www.ibm.com/support/pages/node/7278103"
}
]
}
FKIE_CVE-2026-9006
Vulnerability from fkie_nvd - Published: 2026-06-22 16:16 - Updated: 2026-06-24 05:17
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
| Source | URL | Tags |
|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7276600 | Vendor Advisory |
| Vendor | Product | Version |
|---|---|---|
| ibm | websphere_application_server | * |
| ibm | websphere_application_server | * |
| ibm | aix | - |
| ibm | i | - |
| ibm | z\/os | - |
| linux | linux_kernel | - |
| microsoft | windows | - |
{
"affected": [
{
"affectedData": [
{
"cpes": [
"cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:websphere_application_server:9.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:websphere_application_server:8.5.0:*:*:*:*:*:*:*"
],
"product": "WebSphere Application Server",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.0.2 Interim Fix 035",
"status": "affected",
"version": "9.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.3 Interim Fix 017",
"status": "affected",
"version": "8.5.0",
"versionType": "semver"
}
]
}
],
"source": "psirt@us.ibm.com"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "271A774E-CAB3-4A5F-8450-EADBBA7D8AF6",
"versionEndExcluding": "8.5.5.30",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA0DBCF1-7255-420A-B0A4-04C90BAE14F6",
"versionEndExcluding": "9.0.5.29",
"versionStartIncluding": "9.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C684FC45-C9BA-4EF0-BD06-BB289450DD21",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:ibm:z\\/os:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0E97A964-6F9E-4C87-9B90-21AE2C1DF52F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to server-side request forgery (SSRF) with the Ajax Proxy configured. This may allow an attacker to send unauthorized requests from the system, resulting in a security bypass or information disclosure."
}
],
"id": "CVE-2026-9006",
"lastModified": "2026-06-24T05:17:30.970",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2026-9006",
"options": [
{
"exploitation": "none"
},
{
"automatable": "no"
},
{
"technicalImpact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-23T00:00:00+00:00",
"version": "2.0.3"
}
}
]
},
"published": "2026-06-22T16:16:43.233",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7276600"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
]
}
GHSA-57WV-8V6F-4353
Vulnerability from github – Published: 2026-06-22 18:34 – Updated: 2026-06-22 18:34
IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to server-side request forgery (SSRF) with the Ajax Proxy configured. This may allow an attacker to send unauthorized requests from the system, resulting in a security bypass or information disclosure.
{
"affected": [],
"aliases": [
"CVE-2026-9006"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-22T16:16:43Z",
"severity": "HIGH"
},
"details": "IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to server-side request forgery (SSRF) with the Ajax Proxy configured. This may allow an attacker to send unauthorized requests from the system, resulting in a security bypass or information disclosure.",
"id": "GHSA-57wv-8v6f-4353",
"modified": "2026-06-22T18:34:16Z",
"published": "2026-06-22T18:34:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9006"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7276600"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
WID-SEC-W-2026-2001
Vulnerability from csaf_certbund - Published: 2026-06-17 22:00 - Updated: 2026-06-25 22:00
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| IBM WebSphere Application Server Liberty Web Server Plug-ins 8.5 (IBM / WebSphere Application Server Liberty) | cpe:/a:ibm:websphere_application_server_liberty:8.5::web_server_plug-ins | Web Server Plug-ins 8.5 | |
| IBM WebSphere Application Server <9.0.5.29 (IBM / WebSphere Application Server) | | <9.0.5.29 | |
| IBM WebSphere Application Server Liberty 17.0.0.3-26.0.0.6 (IBM / WebSphere Application Server Liberty) | cpe:/a:ibm:websphere_application_server_liberty:17.0.0.3_-_26.0.0.6 | 17.0.0.3-26.0.0.6 | |
| IBM WebSphere Application Server <9.0.5.28 PH71648 (IBM / WebSphere Application Server) | | <9.0.5.28 PH71648 | |
| IBM WebSphere Application Server <9.0.5.28 PH71370 (IBM / WebSphere Application Server) | | <9.0.5.28 PH71370 | |
| IBM WebSphere Application Server <9.0.5.28 PH71556 (IBM / WebSphere Application Server) | | <9.0.5.28 PH71556 | |
| IBM WebSphere Application Server <9.0.5.28 (IBM / WebSphere Application Server) | | <9.0.5.28 | |
| IBM WebSphere Application Server <8.5.5.29 PH71648 (IBM / WebSphere Application Server) | | <8.5.5.29 PH71648 | |
| IBM WebSphere Application Server <8.5.5.29 PH71370 (IBM / WebSphere Application Server) | | <8.5.5.29 PH71370 | |
| IBM WebSphere Service Registry and Repository (IBM) | cpe:/a:ibm:websphere_service_registry_and_repository:- | - | |
| IBM WebSphere Application Server <8.5.5.29 PH71556 (IBM / WebSphere Application Server) | | <8.5.5.29 PH71556 | |
| IBM Business Automation Workflow (IBM) | cpe:/a:ibm:business_automation_workflow:- | - | |
| IBM WebSphere Application Server <8.5.5.29 PH71376 (IBM / WebSphere Application Server) | | <8.5.5.29 PH71376 | |
| IBM WebSphere Application Server Liberty Web Server Plug-ins 9.0 (IBM / WebSphere Application Server Liberty) | cpe:/a:ibm:websphere_application_server_liberty:9.0::web_server_plug-ins | Web Server Plug-ins 9.0 | |
| IBM WebSphere Application Server <8.5.5.30 (IBM / WebSphere Application Server) | | <8.5.5.30 | |
| URL | Category |
|---|---|
| https://wid.cert-bund.de/.well-known/csaf/white/2… | self |
| https://wid.cert-bund.de/portal/wid/securityadvis… | self |
| https://www.ibm.com/support/pages/security-bullet… | external |
| https://www.ibm.com/support/pages/node/7276579 | external |
| https://www.ibm.com/support/pages/node/7276600 | external |
| https://www.ibm.com/support/pages/node/7276560 | external |
| https://www.ibm.com/support/pages/node/7276831 | external |
| https://www.ibm.com/support/pages/node/7276832 | external |
| https://www.ibm.com/support/pages/node/7277034 | external |
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM WebSphere Application Server ist ein J2EE-Applikationsserver.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in IBM WebSphere Application Server ausnutzen, um beliebigen Programmcode auszuf\u00fchren, um einen Denial of Service Angriff durchzuf\u00fchren, um Sicherheitsvorkehrungen zu umgehen, um Informationen offenzulegen, und um seine Privilegien zu erh\u00f6hen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-2001 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-2001.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-2001 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2001"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2026-06-17",
"url": "https://www.ibm.com/support/pages/security-bulletin-ibm-websphere-application-server-affected-authentication-bypass-vulnerability-cve-2026-10845"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2026-06-17",
"url": "https://www.ibm.com/support/pages/node/7276579"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2026-06-17",
"url": "https://www.ibm.com/support/pages/node/7276600"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2026-06-17",
"url": "https://www.ibm.com/support/pages/node/7276560"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7276831 vom 2026-06-17",
"url": "https://www.ibm.com/support/pages/node/7276831"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7276832 vom 2026-06-17",
"url": "https://www.ibm.com/support/pages/node/7276832"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7277034 vom 2026-06-18",
"url": "https://www.ibm.com/support/pages/node/7277034"
}
],
"source_lang": "en-US",
"title": "IBM WebSphere Application Server: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-06-25T22:00:00.000+00:00",
"generator": {
"date": "2026-06-25T14:21:36.231+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2026-2001",
"initial_release_date": "2026-06-17T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-06-17T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-06-18T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2026-06-22T22:00:00.000+00:00",
"number": "3",
"summary": "Referenz(en) aufgenommen: EUVD-2026-38253, EUVD-2026-38252, EUVD-2026-38251, EUVD-2026-38288, EUVD-2026-38286, EUVD-2026-38284, EUVD-2026-38254, EUVD-2026-38346"
},
{
"date": "2026-06-25T22:00:00.000+00:00",
"number": "4",
"summary": "Ebenfalls betroffenen Websphere Application Server Liberty aufgenommen"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "IBM Business Automation Workflow",
"product": {
"name": "IBM Business Automation Workflow",
"product_id": "T019704",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9.0.5.28",
"product": {
"name": "IBM WebSphere Application Server \u003c9.0.5.28",
"product_id": "T055612"
}
},
{
"category": "product_version",
"name": "9.0.5.28",
"product": {
"name": "IBM WebSphere Application Server 9.0.5.28",
"product_id": "T055612-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:websphere_application_server:9.0.5.28"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.0.5.28 PH71556",
"product": {
"name": "IBM WebSphere Application Server \u003c9.0.5.28 PH71556",
"product_id": "T055613"
}
},
{
"category": "product_version",
"name": "9.0.5.28 PH71556",
"product": {
"name": "IBM WebSphere Application Server 9.0.5.28 PH71556",
"product_id": "T055613-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:websphere_application_server:9.0.5.28_ph71556"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.0.5.28 PH71370",
"product": {
"name": "IBM WebSphere Application Server \u003c9.0.5.28 PH71370",
"product_id": "T055614"
}
},
{
"category": "product_version",
"name": "9.0.5.28 PH71370",
"product": {
"name": "IBM WebSphere Application Server 9.0.5.28 PH71370",
"product_id": "T055614-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:websphere_application_server:9.0.5.28_ph71370"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.0.5.28 PH71648",
"product": {
"name": "IBM WebSphere Application Server \u003c9.0.5.28 PH71648",
"product_id": "T055615"
}
},
{
"category": "product_version",
"name": "9.0.5.28 PH71648",
"product": {
"name": "IBM WebSphere Application Server 9.0.5.28 PH71648",
"product_id": "T055615-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:websphere_application_server:9.0.5.28_ph71648"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.0.5.29",
"product": {
"name": "IBM WebSphere Application Server \u003c9.0.5.29",
"product_id": "T055616"
}
},
{
"category": "product_version",
"name": "9.0.5.29",
"product": {
"name": "IBM WebSphere Application Server 9.0.5.29",
"product_id": "T055616-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:websphere_application_server:9.0.5.29"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.5.5.30",
"product": {
"name": "IBM WebSphere Application Server \u003c8.5.5.30",
"product_id": "T055617"
}
},
{
"category": "product_version",
"name": "8.5.5.30",
"product": {
"name": "IBM WebSphere Application Server 8.5.5.30",
"product_id": "T055617-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:websphere_application_server:8.5.5.30"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.5.5.29 PH71376",
"product": {
"name": "IBM WebSphere Application Server \u003c8.5.5.29 PH71376",
"product_id": "T055618"
}
},
{
"category": "product_version",
"name": "8.5.5.29 PH71376",
"product": {
"name": "IBM WebSphere Application Server 8.5.5.29 PH71376",
"product_id": "T055618-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:websphere_application_server:8.5.5.29_ph71376"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.5.5.29 PH71556",
"product": {
"name": "IBM WebSphere Application Server \u003c8.5.5.29 PH71556",
"product_id": "T055619"
}
},
{
"category": "product_version",
"name": "8.5.5.29 PH71556",
"product": {
"name": "IBM WebSphere Application Server 8.5.5.29 PH71556",
"product_id": "T055619-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:websphere_application_server:8.5.5.29_ph71556"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.5.5.29 PH71370",
"product": {
"name": "IBM WebSphere Application Server \u003c8.5.5.29 PH71370",
"product_id": "T055620"
}
},
{
"category": "product_version",
"name": "8.5.5.29 PH71370",
"product": {
"name": "IBM WebSphere Application Server 8.5.5.29 PH71370",
"product_id": "T055620-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:websphere_application_server:8.5.5.29_ph71370"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.5.5.29 PH71648",
"product": {
"name": "IBM WebSphere Application Server \u003c8.5.5.29 PH71648",
"product_id": "T055621"
}
},
{
"category": "product_version",
"name": "8.5.5.29 PH71648",
"product": {
"name": "IBM WebSphere Application Server 8.5.5.29 PH71648",
"product_id": "T055621-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:websphere_application_server:8.5.5.29_ph71648"
}
}
}
],
"category": "product_name",
"name": "WebSphere Application Server"
},
{
"branches": [
{
"category": "product_version",
"name": "17.0.0.3-26.0.0.6",
"product": {
"name": "IBM WebSphere Application Server Liberty 17.0.0.3-26.0.0.6",
"product_id": "T055824",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:websphere_application_server_liberty:17.0.0.3_-_26.0.0.6"
}
}
},
{
"category": "product_version",
"name": "Web Server Plug-ins 8.5",
"product": {
"name": "IBM WebSphere Application Server Liberty Web Server Plug-ins 8.5",
"product_id": "T055825",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:websphere_application_server_liberty:8.5::web_server_plug-ins"
}
}
},
{
"category": "product_version",
"name": "Web Server Plug-ins 9.0",
"product": {
"name": "IBM WebSphere Application Server Liberty Web Server Plug-ins 9.0",
"product_id": "T055826",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:websphere_application_server_liberty:9.0::web_server_plug-ins"
}
}
}
],
"category": "product_name",
"name": "WebSphere Application Server Liberty"
},
{
"category": "product_name",
"name": "IBM WebSphere Service Registry and Repository",
"product": {
"name": "IBM WebSphere Service Registry and Repository",
"product_id": "T048917",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:websphere_service_registry_and_repository:-"
}
}
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-10845",
"product_status": {
"known_affected": [
"T055825",
"T055616",
"T055824",
"T055615",
"T055614",
"T055613",
"T055612",
"T055621",
"T055620",
"T048917",
"T055619",
"T019704",
"T055618",
"T055826",
"T055617"
]
},
"release_date": "2026-06-17T22:00:00.000+00:00",
"title": "CVE-2026-10845"
},
{
"cve": "CVE-2026-10852",
"product_status": {
"known_affected": [
"T055825",
"T055616",
"T055824",
"T055615",
"T055614",
"T055613",
"T055612",
"T055621",
"T055620",
"T048917",
"T055619",
"T019704",
"T055618",
"T055826",
"T055617"
]
},
"release_date": "2026-06-17T22:00:00.000+00:00",
"title": "CVE-2026-10852"
},
{
"cve": "CVE-2026-8646",
"product_status": {
"known_affected": [
"T055825",
"T055616",
"T055824",
"T055615",
"T055614",
"T055613",
"T055612",
"T055621",
"T055620",
"T048917",
"T055619",
"T019704",
"T055618",
"T055826",
"T055617"
]
},
"release_date": "2026-06-17T22:00:00.000+00:00",
"title": "CVE-2026-8646"
},
{
"cve": "CVE-2026-8858",
"product_status": {
"known_affected": [
"T055825",
"T055616",
"T055824",
"T055615",
"T055614",
"T055613",
"T055612",
"T055621",
"T055620",
"T048917",
"T055619",
"T019704",
"T055618",
"T055826",
"T055617"
]
},
"release_date": "2026-06-17T22:00:00.000+00:00",
"title": "CVE-2026-8858"
},
{
"cve": "CVE-2026-9006",
"product_status": {
"known_affected": [
"T055825",
"T055616",
"T055824",
"T055615",
"T055614",
"T055613",
"T055612",
"T055621",
"T055620",
"T048917",
"T055619",
"T019704",
"T055618",
"T055826",
"T055617"
]
},
"release_date": "2026-06-17T22:00:00.000+00:00",
"title": "CVE-2026-9006"
},
{
"cve": "CVE-2026-9071",
"product_status": {
"known_affected": [
"T055825",
"T055616",
"T055824",
"T055615",
"T055614",
"T055613",
"T055612",
"T055621",
"T055620",
"T048917",
"T055619",
"T019704",
"T055618",
"T055826",
"T055617"
]
},
"release_date": "2026-06-17T22:00:00.000+00:00",
"title": "CVE-2026-9071"
},
{
"cve": "CVE-2026-9072",
"product_status": {
"known_affected": [
"T055825",
"T055616",
"T055824",
"T055615",
"T055614",
"T055613",
"T055612",
"T055621",
"T055620",
"T048917",
"T055619",
"T019704",
"T055618",
"T055826",
"T055617"
]
},
"release_date": "2026-06-17T22:00:00.000+00:00",
"title": "CVE-2026-9072"
},
{
"cve": "CVE-2026-9320",
"product_status": {
"known_affected": [
"T055825",
"T055616",
"T055824",
"T055615",
"T055614",
"T055613",
"T055612",
"T055621",
"T055620",
"T048917",
"T055619",
"T019704",
"T055618",
"T055826",
"T055617"
]
},
"release_date": "2026-06-17T22:00:00.000+00:00",
"title": "CVE-2026-9320"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.