IBM WebSphere Application Server Liberty
cpe:2.3:a:ibm:websphere_application_server_liberty:*:*:*:*:*:*:*
- >= 17.0.0.3, <= 25.0.0.8
A security bypass vulnerability has been identified in IBM WebSphere Application Server Liberty versions 17.0.0.3 through 25.0.0.8. It allows remote attackers to bypass security restrictions because the application does not properly honor JMS messaging configurations. The issue arises when any of the wasJmsServer-1.0, wasJmsSecurity-1.0, wasJmsClient-2.0, messagingServer-3.0, messagingSecurity-3.0, or messagingClient-3.0 features is enabled.
Exploitation of this vulnerability could lead to unauthorized access or actions being performed, bypassing intended security measures.
Users are advised to upgrade to IBM WebSphere Application Server Liberty Fix Pack 25.0.0.9 or later, or to apply the interim fix for APAR PH67546. Instructions for applying this interim fix are available on the IBM Support page.
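The following is an added example, not code from IBM or from the original advisory: a Python check that combines the two conditions stated above, a version inside the listed range and at least one of the named features enabled in `server.xml`. The sample `server.xml` is constructed, the function names are hypothetical, and the version is passed in as a string rather than read from the installation.

```python
import xml.etree.ElementTree as ET

# Feature names and version bounds are copied from the advisory text above.
# Names are stored lowercased and compared case-insensitively to be conservative.
AFFECTED_FEATURES = {
    "wasjmsserver-1.0", "wasjmssecurity-1.0", "wasjmsclient-2.0",
    "messagingserver-3.0", "messagingsecurity-3.0", "messagingclient-3.0",
}
FIRST_AFFECTED = (17, 0, 0, 3)
LAST_AFFECTED = (25, 0, 0, 8)

def parse_version(text):
    """Turn '25.0.0.8' into (25, 0, 0, 8); raise ValueError on anything else."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part Liberty version: {text!r}")
    return tuple(int(p) for p in parts)

def enabled_affected_features(server_xml):
    """Return the advisory's features listed under <featureManager>.

    Limitation: features added through <include> files or configDropins
    are not followed; run the check on those files as well.
    """
    root = ET.fromstring(server_xml)
    found = set()
    for manager in root.iter("featureManager"):
        for feature in manager.findall("feature"):
            name = (feature.text or "").strip()
            if name.lower() in AFFECTED_FEATURES:
                found.add(name)
    return sorted(found)

def assess(version_text, server_xml):
    """Exposed only if the version is in range AND a listed feature is enabled."""
    in_range = FIRST_AFFECTED <= parse_version(version_text) <= LAST_AFFECTED
    features = enabled_affected_features(server_xml)
    return {"version_in_range": in_range, "features": features,
            "exposed": in_range and bool(features)}

# Constructed sample configuration, not taken from a real deployment.
SAMPLE_SERVER_XML = """<server description="constructed sample">
  <featureManager>
    <feature>servlet-4.0</feature>
    <feature>wasJmsServer-1.0</feature>
    <feature>wasJmsSecurity-1.0</feature>
  </featureManager>
</server>"""

if __name__ == "__main__":
    print(assess("25.0.0.8", SAMPLE_SERVER_XML))
```

The script does not detect an installed interim fix for APAR PH67546, so a server in the affected range that already has the fix applied will still be reported as exposed.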