IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty Denial-of-Service and Potential Remote Code Execution Vulnerability

Vulnerability

A vulnerability allowing denial-of-service and potentially remote code execution has been identified in the IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty, versions 8.5 and 9.0. This vulnerability arises from improper input validation.

Impact

Exploitation of this vulnerability can lead to denial-of-service conditions and potentially allow for remote code execution on the server.

Remediation

Users are advised to apply the Web Server Plug-ins Interim Fix that resolves APAR PH71342. For Web Server Plug-ins Fix Pack 9.0.0.0 through 9.0.5.27, upgrade to the required minimal fix pack levels and then apply the interim fix. For Web Server Plug-ins Fix Pack 8.5.0.0 through 8.5.5.29, the same process applies, or users can wait for the next available fix pack, targeted for 3Q2026.

Added: May 26, 2026, 10:22 PM
Updated: May 26, 2026, 10:22 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 7.4
remediation: 0.0
relevance: 9.6
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.