IBM WebSphere Application Server Liberty Identity Spoofing Vulnerability

Vulnerability

A vulnerability allowing identity spoofing has been identified in IBM WebSphere Application Server Liberty versions 17.0.0.3 prior to 26.0.0.4. This issue arises when applications are deployed without authentication and authorization, and the appSecurity feature is not enabled on the server.

Impact

Exploitation of this vulnerability could lead to unauthorized identity representation, allowing an attacker to impersonate another user or entity within the application.

Remediation

Users are advised to upgrade to IBM WebSphere Application Server Liberty Fix Pack 26.0.0.5 or later, or to apply the available interim fix for versions 17.0.0.3 through 26.0.0.4 that addresses this vulnerability. Additional interim fixes may be available and linked off the interim fix download page.
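The following check is an added example, not code from IBM or from this page. It classifies a server by the version bounds in the Remediation paragraph above and by whether an appSecurity feature is listed in server.xml. The function names, result strings and sample configurations are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Bounds from the advisory's Remediation paragraph: the interim fix covers
# 17.0.0.3 through 26.0.0.4, and Fix Pack 26.0.0.5 or later is the upgrade target.
FIRST_LISTED = (17, 0, 0, 3)
FIXED_IN = (26, 0, 0, 5)

# Constructed sample configurations (not taken from any real server).
NO_APPSEC = """<server><featureManager>
  <feature>servlet-4.0</feature><feature>jsp-2.3</feature>
</featureManager></server>"""
WITH_APPSEC = """<server><featureManager>
  <feature>servlet-4.0</feature><feature>appSecurity-3.0</feature>
</featureManager></server>"""

def parse_version(text):
    """Turn '24.0.0.9' into (24, 0, 0, 9); reject anything else."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){3}", text):
        raise ValueError(f"not a Liberty version: {text!r}")
    return tuple(int(part) for part in text.split("."))

def enabled_features(server_xml):
    """Lower-cased feature names from every <featureManager> element."""
    root = ET.fromstring(server_xml)
    return [f.text.strip().lower()
            for fm in root.iter("featureManager")
            for f in fm.iter("feature") if f.text and f.text.strip()]

def assess(version, server_xml):
    """Classify one server against the version range and the appSecurity condition."""
    if not (FIRST_LISTED <= parse_version(version) < FIXED_IN):
        return "outside-listed-versions"
    names = enabled_features(server_xml)
    # Accept both versioned (appSecurity-3.0) and versionless (appSecurity) names.
    if any(n == "appsecurity" or n.startswith("appsecurity-") for n in names):
        return "listed-version-appsecurity-enabled"
    return "listed-version-appsecurity-not-enabled"

if __name__ == "__main__":
    for ver, cfg in [("24.0.0.9", NO_APPSEC), ("24.0.0.9", WITH_APPSEC),
                     ("26.0.0.5", NO_APPSEC)]:
        print(ver, assess(ver, cfg))
```

The check reads only the features listed directly in the text it is given; a feature brought in by another feature or by an included configuration file is not seen, and an installed interim fix is not detected, so both need a manual look.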

Added: Apr 23, 2026, 12:27 AM
Updated: Apr 23, 2026, 12:27 AM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 0.6
exploitability: 7.2
remediation: 7.7
relevance: 6.5
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.