IBM WebSphere Application Server Liberty Weaker Than Expected Security Vulnerability

Vulnerability

A vulnerability exists in IBM WebSphere Application Server Liberty versions 17.0.0.3 through 26.0.0.3, which could lead to weaker than expected security when managing security settings. This issue is particularly relevant when the appSecurity features (versions 1.0 through 5.0) are enabled.

Impact

Exploitation of this vulnerability could result in security settings being administered in a manner that undermines their intended strength, potentially leading to unauthorized access or actions within the application.

Remediation

Users are advised to upgrade to IBM WebSphere Application Server Liberty Fix Pack 26.0.0.4 or later, or to apply the interim fix for APAR PH70078 available for versions 17.0.0.3 through 26.0.0.3. After applying the interim fix or fix pack, follow the additional instructions provided to complete the remediation.
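A triage check for the range and feature condition described above, as an added example that is not IBM's tooling or part of the original advisory. It assumes the caller supplies the server's four-part Liberty version string and the text of its server.xml; the function names and the sample configuration are hypothetical and constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

AFFECTED_MIN = (17, 0, 0, 3)  # first affected version named in the advisory
AFFECTED_MAX = (26, 0, 0, 3)  # last affected version; 26.0.0.4 is the fix pack
# appSecurity-1.0 .. appSecurity-5.0; case-insensitive match to stay conservative
APPSEC = re.compile(r"appSecurity-[1-5]\.0", re.IGNORECASE)

# Constructed sample configuration, not taken from any real server.
SAMPLE_SERVER_XML = """
<server description="constructed sample">
  <featureManager>
    <feature>servlet-6.0</feature>
    <feature> appSecurity-5.0 </feature>
  </featureManager>
</server>
"""

def parse_version(text):
    """Turn '24.0.0.9' into (24, 0, 0, 9); reject any other shape."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)\.(\d+)\s*", text)
    if not m:
        raise ValueError(f"not a four-part Liberty version: {text!r}")
    return tuple(int(part) for part in m.groups())

def appsecurity_features(server_xml):
    """List appSecurity features named directly in one server.xml string.
    Does not follow <include> files or features pulled in by other features."""
    root = ET.fromstring(server_xml)
    names = [(f.text or "").strip() for f in root.iter("feature")]
    return [n for n in names if APPSEC.fullmatch(n)]

def triage(version, server_xml):
    """Classify one server against the advisory's range and feature condition."""
    in_range = AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX
    features = appsecurity_features(server_xml)
    if not in_range:
        status = "outside affected range"
    elif features:
        status = "affected unless interim fix PH70078 is applied"
    else:
        status = "in range, no direct appSecurity feature: review manually"
    return {"in_range": in_range, "features": features, "status": status}

if __name__ == "__main__":
    for v in ("17.0.0.2", "24.0.0.9", "26.0.0.4"):
        print(v, triage(v, SAMPLE_SERVER_XML)["status"])
```

A version inside the range cannot by itself show whether the interim fix is installed, so an "affected unless" result still needs the fix inventory checked on the host.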

Added: Mar 25, 2026, 10:18 PM
Updated: Mar 25, 2026, 10:18 PM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 1.3
exploitability: 3.5
remediation: 7.7
relevance: 4.7
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.