IBM WebSphere Application Server Identity Spoofing Vulnerability

Vulnerability

An identity spoofing vulnerability has been identified in IBM WebSphere Application Server versions 9.0 and 8.5. This vulnerability allows for authentication bypass by spoofing, potentially leading to unauthorized actions or access.

Impact

Exploitation of this vulnerability could allow an attacker to spoof identities, bypassing authentication mechanisms and potentially leading to unauthorized access or actions within the application server.

Remediation

Users are advised to upgrade to the latest fix pack or apply the available interim fix for APAR PH71422.

For WebSphere Application Server 9.0.0.0 through 9.0.5.28, upgrade to the required minimal fix pack level and then apply the interim fix. Alternatively, users can apply Fix Pack 9.0.5.29 or later, with 9.0.5.30 targeted for availability in 3Q2026.

For WebSphere Application Server 8.5.0.0 through 8.5.5.29, the same upgrade and interim fix application process applies, or users can upgrade to Fix Pack 8.5.5.30 or later, also targeted for 3Q2026.
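The version ranges above can be checked across a server inventory. The following is an added example, not IBM's or this page's own code; the status labels, host names and the sample fix ID string are assumptions made for illustration, and only the ranges and the APAR number come from the advisory.

```python
import re

APAR = "PH71422"  # interim fix APAR named in the advisory

# Last affected level per release line, as stated in the advisory.
LAST_AFFECTED = {
    (9, 0): (9, 0, 5, 28),
    (8, 5): (8, 5, 5, 29),
}

def parse_version(text):
    """Return (V, R, M, F) as ints, or None if text is not a four-part level."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)\.(\d+)\s*", text)
    return tuple(int(p) for p in m.groups()) if m else None

def triage(version, installed_fixes=()):
    """Classify one server against the advisory's ranges."""
    v = parse_version(version)
    if v is None:
        return "unparseable"
    last = LAST_AFFECTED.get(v[:2])
    if last is None:
        return "not-covered"  # the advisory only names 9.0 and 8.5
    # Compare as integer tuples: as strings, "9.0.5.9" would sort after "9.0.5.28".
    if v > last:
        return "fixed-by-fix-pack"
    # Presence of the APAR only; the minimal fix pack level required before
    # the interim fix is not given on the page, so it is not checked here.
    if any(APAR in fix.upper() for fix in installed_fixes):
        return "interim-fix-applied"
    return "affected"

def report(inventory):
    """Map host -> status for an inventory of (host, version, fixes) tuples."""
    return {host: triage(ver, fixes) for host, ver, fixes in inventory}

# Constructed inventory; host names and the fix ID string are made up.
SAMPLE = [
    ("was-a", "9.0.5.9", []),
    ("was-b", "9.0.5.28", ["example-ifph71422"]),
    ("was-c", "8.5.5.30", []),
    ("was-d", "9.0.5", []),
]

if __name__ == "__main__":
    for host, status in report(SAMPLE).items():
        print(f"{host}: {status}")
```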

Added: Jun 1, 2026, 7:56 PM
Updated: Jun 1, 2026, 7:56 PM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 0.6
exploitability: 7.6
remediation: 7.7
relevance: 9.7
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.