Primary

Context

IBM WebSphere Application Server Liberty Weaker Than Expected Security Vulnerability

Vulnerability

Patched

A vulnerability exists in IBM WebSphere Application Server - Liberty versions 17.0.0.3 through 26.0.0.2, where the Security Utility may introduce weaker than anticipated security when managing security settings. This issue is related to the use of hard-coded cryptographic keys, potentially compromising the integrity of encoded secrets.

Impact

This vulnerability could lead to inadequate security measures, allowing for potential manipulation or exposure of sensitive information that relies on the affected security settings.

Remediation

Users are advised to upgrade to IBM WebSphere Application Server Liberty Fix Pack 26.0.0.3 or later, or to apply the available interim fix that addresses APAR PH69658. Additional interim fixes may also be available.

Added: Mar 3, 2026, 8:30 PM

Updated: Mar 3, 2026, 10:14 PM

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

2.5

exploitability

3.6

remediation

7.7

relevance

3.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

2.5

exploitability

3.6

remediation

7.7

relevance

3.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

IBM WebSphere Application Server Liberty Weaker Than Expected Security Vulnerability

Vulnerability

Impact

Remediation

Affected Products

IBM WebSphere Application Server Liberty

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating