HIGH🇵🇱 Wersja polska

CVE-2026-8858

CVSS 7.5v3.1pub. 2026-06-22upd. 2026-06-24

IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to remote code execution and denial of service in the WebSphere Web Server Plug-in component. This vulnerability can be exploited when an attacker impersonates the application server and sends crafted responses to the plug-in.

CVSS Vector
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • IBM I

    APP
    Ibm
    7.3 – 7.6
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEDoS
CWE
References

Related vulnerabilities

CVE-2025-36038CRITICAL9.0PL ✓ten sam produkt

RCE w IBM WebSphere Application Server przez niebezpieczną deserializację

CVE-2020-9412CRITICAL10.0ten sam produkt

The file transfer component of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i con...

CVE-2020-9411CRITICAL10.0ten sam produkt

The file transfer component of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i con...

CVE-2026-10845HIGH7.3ten sam produkt

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to bypass authentication and gain u...

CVE-2026-8646HIGH7.4ten sam produkt

IBM WebSphere Application Server 9.0 and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 2...