Vulnerability-Lookup

CVE-2026-10845 (GCVE-0-2026-10845)

Vulnerability from cvelistv5 – Published: 2026-06-22 14:43 – Updated: 2026-06-22 16:06

Title

IBM WebSphere Application Server is affected by an authentication bypass vulnerability

Summary

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to bypass authentication and gain unauthorized access to JAX-WS applications.

Severity

7.3 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-287 - Improper Authentication

Assigner

ibm

References

1 reference

URL	Tags
https://www.ibm.com/support/pages/node/7276597	vendor-advisorypatch

Impacted products

1 product

Vendor	Product	Version
IBM	WebSphere Application Server	Affected: 8.5.0 , ≤ 7.0.2 Interim Fix 035 (semver) Affected: 9.0.0 , ≤ 7.0.3 Interim Fix 017 (semver) cpe:2.3:a:ibm:websphere_application_server:8.5:::::::* cpe:2.3:a:ibm:websphere_application_server:8.5.0:::::::* cpe:2.3:a:ibm:websphere_application_server:9.0:::::::* cpe:2.3:a:ibm:websphere_application_server:9.0.0:::::::*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 7.3,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-10845",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-22T16:05:58.974560Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-22T16:06:02.894Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:websphere_application_server:8.5.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:websphere_application_server:9.0.0:*:*:*:*:*:*:*"
          ],
          "product": "WebSphere Application Server",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "7.0.2 Interim Fix 035",
              "status": "affected",
              "version": "8.5.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.3 Interim Fix 017",
              "status": "affected",
              "version": "9.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM WebSphere Application Server 8.5 and 9.0\u0026nbsp;\u003cspan\u003ecould allow a remote attacker to bypass authentication and gain unauthorized access to JAX-WS applications.\u003c/span\u003e\u003c/p\u003e"
            }
          ],
          "value": "IBM WebSphere Application Server 8.5 and 9.0\u00a0could allow a remote attacker to bypass authentication and gain unauthorized access to JAX-WS applications."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287 Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-22T14:43:16.611Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7276597"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH71648.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor IBM WebSphere Application Server traditional:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor V9.0.0.0 through 9.0.5.28:\u003c/strong\u003e\u003cbr\u003e\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves \u003ca href=\"https://www.ibm.com/support/pages/node/7276411\" rel=\"nofollow\"\u003ePH71648\u003c/a\u003e\u003cbr\u003e--OR--\u003cbr\u003e\u00b7 Apply Fix Pack 9.0.5.29 or later (targeted availability 3Q2026).\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor V8.5.0.0 through 8.5.5.29:\u003c/strong\u003e\u003cbr\u003e\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves \u003ca href=\"https://www.ibm.com/support/pages/node/7276411\" rel=\"nofollow\"\u003ePH71648\u003c/a\u003e\u003cbr\u003e--OR--\u003cbr\u003e\u00b7 Apply Fix Pack 8.5.5.30 or later (targeted availability 3Q2026).\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eAdditional interim fixes may be available and linked off the interim fix download page.\u003c/p\u003e"
            }
          ],
          "value": "IBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH71648.\n\n\n\nFor IBM WebSphere Application Server traditional:\n\n\n\nFor V9.0.0.0 through 9.0.5.28:\n\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves  PH71648 https://www.ibm.com/support/pages/node/7276411 \n--OR--\n\u00b7 Apply Fix Pack 9.0.5.29 or later (targeted availability 3Q2026).\u00a0\n\n\n\nFor V8.5.0.0 through 8.5.5.29:\n\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves  PH71648 https://www.ibm.com/support/pages/node/7276411 \n--OR--\n\u00b7 Apply Fix Pack 8.5.5.30 or later (targeted availability 3Q2026).\u00a0\n\n\n\n\n\n\n\nAdditional interim fixes may be available and linked off the interim fix download page."
        }
      ],
      "title": "IBM WebSphere Application Server is affected by an authentication bypass vulnerability",
      "x_generator": {
        "engine": "ibm-cvegen"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2026-10845",
    "datePublished": "2026-06-22T14:43:16.611Z",
    "dateReserved": "2026-06-04T12:02:38.679Z",
    "dateUpdated": "2026-06-22T16:06:02.894Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-10845",
      "date": "2026-06-23",
      "epss": "0.00355",
      "percentile": "0.27297"
    },
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-10845\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-06-22T16:05:58.974560Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-06-22T16:05:53.970Z\"}}], \"cna\": {\"title\": \"IBM WebSphere Application Server is affected by an authentication bypass vulnerability\", \"affected\": [{\"cpes\": [\"cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:websphere_application_server:8.5.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:websphere_application_server:9.0.0:*:*:*:*:*:*:*\"], \"vendor\": \"IBM\", \"product\": \"WebSphere Application Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.5.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.0.2 Interim Fix 035\"}, {\"status\": \"affected\", \"version\": \"9.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.0.3 Interim Fix 017\"}]}], \"solutions\": [{\"lang\": \"en\", \"value\": \"IBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH71648.\\n\\n\\n\\nFor IBM WebSphere Application Server traditional:\\n\\n\\n\\nFor V9.0.0.0 through 9.0.5.28:\\n\\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves  PH71648 https://www.ibm.com/support/pages/node/7276411 \\n--OR--\\n\\u00b7 Apply Fix Pack 9.0.5.29 or later (targeted availability 3Q2026).\\u00a0\\n\\n\\n\\nFor V8.5.0.0 through 8.5.5.29:\\n\\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves  PH71648 https://www.ibm.com/support/pages/node/7276411 \\n--OR--\\n\\u00b7 Apply Fix Pack 8.5.5.30 or later (targeted availability 3Q2026).\\u00a0\\n\\n\\n\\n\\n\\n\\n\\nAdditional interim fixes may be available and linked off the interim fix download page.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eIBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH71648.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor IBM WebSphere Application Server traditional:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor V9.0.0.0 through 9.0.5.28:\u003c/strong\u003e\u003cbr\u003e\\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves \u003ca href=\\\"https://www.ibm.com/support/pages/node/7276411\\\" rel=\\\"nofollow\\\"\u003ePH71648\u003c/a\u003e\u003cbr\u003e--OR--\u003cbr\u003e\\u00b7 Apply Fix Pack 9.0.5.29 or later (targeted availability 3Q2026).\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor V8.5.0.0 through 8.5.5.29:\u003c/strong\u003e\u003cbr\u003e\\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves \u003ca href=\\\"https://www.ibm.com/support/pages/node/7276411\\\" rel=\\\"nofollow\\\"\u003ePH71648\u003c/a\u003e\u003cbr\u003e--OR--\u003cbr\u003e\\u00b7 Apply Fix Pack 8.5.5.30 or later (targeted availability 3Q2026).\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eAdditional interim fixes may be available and linked off the interim fix download page.\u003c/p\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://www.ibm.com/support/pages/node/7276597\", \"tags\": [\"vendor-advisory\", \"patch\"]}], \"x_generator\": {\"engine\": \"ibm-cvegen\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"IBM WebSphere Application Server 8.5 and 9.0\\u00a0could allow a remote attacker to bypass authentication and gain unauthorized access to JAX-WS applications.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eIBM WebSphere Application Server 8.5 and 9.0\u0026nbsp;\u003cspan\u003ecould allow a remote attacker to bypass authentication and gain unauthorized access to JAX-WS applications.\u003c/span\u003e\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-287\", \"description\": \"CWE-287 Improper Authentication\"}]}], \"providerMetadata\": {\"orgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"shortName\": \"ibm\", \"dateUpdated\": \"2026-06-22T14:43:16.611Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-10845\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-22T16:06:02.894Z\", \"dateReserved\": \"2026-06-04T12:02:38.679Z\", \"assignerOrgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"datePublished\": \"2026-06-22T14:43:16.611Z\", \"assignerShortName\": \"ibm\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

CERTFR-2026-AVI-0788

Vulnerability from certfr_avis - Published: 2026-06-19 - Updated: 2026-06-19

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	N/A	WebSphere Service Registry and Repository versions 8.5 sans les derniers correctifs de sécurité
IBM	N/A	WebSphere Application Server versions 8.5.0 sans les derniers correctifs de sécurité
IBM	N/A	IBM QRadar SIEM versions 7.5.0 antérieures à 7.5.0 UP15 IF04
IBM	N/A	WebSphere Application Server - Liberty versions 17.x à 26.x sans les derniers correctifs de sécurité
IBM	N/A	DB2 Query Management Facility versions 12.2.0.5 sans les derniers correctifs de sécurité
IBM	N/A	Tivoli Composite Application Manager for Applications WebSphere MQ Monitoring Agent versions 7.3.0 Fix Pack 4 sans les derniers correctifs de sécurité
IBM	N/A	Security QRadar Log Management AQL Plugin versions 1.x antérieures à 1.1.6
IBM	N/A	Sterling Connect:Direct Web Services versions 6.3.0 antérieures à 6.3.0.19
IBM	N/A	Sterling Connect:Direct Web Services versions 6.4.0 antérieures à 6.4.0.8
IBM	N/A	Sterling B2B Integrator et IBM Sterling File Gateway versions 6.2.1 antérieures à 6.2.1.2
IBM	N/A	DB2 Query Management Facility versions 13.1.x sans les derniers correctifs de sécurité
IBM	N/A	WebSphere Application Server versions 9.0.0 à 9.0.5.28 sans les derniers correctifs de sécurité
IBM	N/A	Sterling Connect:Direct File Agent versions 1.4.0.3 à 1.4.0.5_iFi011 pour AIX, Linux x64, Linux PPC et Windows sans le correctif de sécurité 1.4.0.5_iFix012

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7276427	2026-06-15	vendor-advisory
Bulletin de sécurité IBM 7276831	2026-06-17	vendor-advisory
Bulletin de sécurité IBM 7276430	2026-06-15	vendor-advisory
Bulletin de sécurité IBM 7276432	2026-06-15	vendor-advisory
Bulletin de sécurité IBM 7276433	2026-06-15	vendor-advisory
Bulletin de sécurité IBM 7276620	2026-06-16	vendor-advisory
Bulletin de sécurité IBM 7276616	2026-06-16	vendor-advisory
Bulletin de sécurité IBM 7276425	2026-06-15	vendor-advisory
Bulletin de sécurité IBM 7276597	2026-06-16	vendor-advisory
Bulletin de sécurité IBM 7276428	2026-06-15	vendor-advisory
Bulletin de sécurité IBM 7276761	2026-06-17	vendor-advisory
Bulletin de sécurité IBM 7276816	2026-06-17	vendor-advisory
Bulletin de sécurité IBM 7276589	2026-06-16	vendor-advisory
Bulletin de sécurité IBM 7276832	2026-06-17	vendor-advisory
Bulletin de sécurité IBM 7276187	2026-06-12	vendor-advisory
Bulletin de sécurité IBM 7276426	2026-06-15	vendor-advisory
Bulletin de sécurité IBM 7276579	2026-06-16	vendor-advisory
Bulletin de sécurité IBM 7276303	2026-06-15	vendor-advisory
Bulletin de sécurité IBM 7276193	2026-06-12	vendor-advisory
Bulletin de sécurité IBM 7276939	2026-06-18	vendor-advisory
Bulletin de sécurité IBM 7276600	2026-06-16	vendor-advisory
Bulletin de sécurité IBM 7276189	2026-06-12	vendor-advisory
Bulletin de sécurité IBM 7276429	2026-06-15	vendor-advisory
Bulletin de sécurité IBM 7276392	2026-06-15	vendor-advisory
Bulletin de sécurité IBM 7276185	2026-06-12	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "WebSphere Service Registry and Repository versions 8.5 sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere Application Server versions 8.5.0  sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM QRadar SIEM versions 7.5.0 ant\u00e9rieures \u00e0  7.5.0 UP15 IF04",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere Application Server - Liberty versions 17.x \u00e0 26.x sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "DB2 Query Management Facility versions 12.2.0.5 sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Tivoli Composite Application Manager for Applications WebSphere MQ Monitoring Agent versions 7.3.0 Fix Pack 4 sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Security QRadar Log Management AQL Plugin versions 1.x ant\u00e9rieures \u00e0 1.1.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Connect:Direct Web Services versions 6.3.0 ant\u00e9rieures \u00e0  6.3.0.19",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Connect:Direct Web Services versions 6.4.0 ant\u00e9rieures \u00e0 6.4.0.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling B2B Integrator et IBM Sterling File Gateway versions 6.2.1 ant\u00e9rieures \u00e0 6.2.1.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "DB2 Query Management Facility versions 13.1.x sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere Application Server versions 9.0.0 \u00e0 9.0.5.28 sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Connect:Direct File Agent versions 1.4.0.3 \u00e0  1.4.0.5_iFi011 pour AIX, Linux x64, Linux PPC et Windows sans le correctif de s\u00e9curit\u00e9 1.4.0.5_iFix012",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2026-6474",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-6474"
    },
    {
      "name": "CVE-2026-44289",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-44289"
    },
    {
      "name": "CVE-2026-6472",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-6472"
    },
    {
      "name": "CVE-2025-14087",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-14087"
    },
    {
      "name": "CVE-2025-41234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-41234"
    },
    {
      "name": "CVE-2026-6479",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-6479"
    },
    {
      "name": "CVE-2026-44293",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-44293"
    },
    {
      "name": "CVE-2026-44290",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-44290"
    },
    {
      "name": "CVE-2026-40355",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-40355"
    },
    {
      "name": "CVE-2026-41239",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-41239"
    },
    {
      "name": "CVE-2026-41305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-41305"
    },
    {
      "name": "CVE-2026-33814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33814"
    },
    {
      "name": "CVE-2026-45740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-45740"
    },
    {
      "name": "CVE-2026-43284",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-43284"
    },
    {
      "name": "CVE-2026-39824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-39824"
    },
    {
      "name": "CVE-2026-40977",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-40977"
    },
    {
      "name": "CVE-2026-22013",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22013"
    },
    {
      "name": "CVE-2026-32635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-32635"
    },
    {
      "name": "CVE-2026-22018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22018"
    },
    {
      "name": "CVE-2026-41988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-41988"
    },
    {
      "name": "CVE-2024-7246",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7246"
    },
    {
      "name": "CVE-2026-6637",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-6637"
    },
    {
      "name": "CVE-2026-41242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-41242"
    },
    {
      "name": "CVE-2025-41248",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-41248"
    },
    {
      "name": "CVE-2026-34282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-34282"
    },
    {
      "name": "CVE-2026-6473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-6473"
    },
    {
      "name": "CVE-2026-39821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-39821"
    },
    {
      "name": "CVE-2025-14512",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-14512"
    },
    {
      "name": "CVE-2026-5758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-5758"
    },
    {
      "name": "CVE-2026-27136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-27136"
    },
    {
      "name": "CVE-2025-22233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22233"
    },
    {
      "name": "CVE-2024-38820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38820"
    },
    {
      "name": "CVE-2026-23865",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-23865"
    },
    {
      "name": "CVE-2026-40356",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-40356"
    },
    {
      "name": "CVE-2026-33671",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33671"
    },
    {
      "name": "CVE-2026-5598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-5598"
    },
    {
      "name": "CVE-2026-33750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33750"
    },
    {
      "name": "CVE-2026-44288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-44288"
    },
    {
      "name": "CVE-2026-8646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8646"
    },
    {
      "name": "CVE-2026-6918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-6918"
    },
    {
      "name": "CVE-2025-52999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
    },
    {
      "name": "CVE-2026-6638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-6638"
    },
    {
      "name": "CVE-2026-9320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9320"
    },
    {
      "name": "CVE-2026-40975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-40975"
    },
    {
      "name": "CVE-2026-41240",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-41240"
    },
    {
      "name": "CVE-2026-42506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-42506"
    },
    {
      "name": "CVE-2026-27903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-27903"
    },
    {
      "name": "CVE-2025-41235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-41235"
    },
    {
      "name": "CVE-2026-46300",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46300"
    },
    {
      "name": "CVE-2026-25680",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-25680"
    },
    {
      "name": "CVE-2026-6478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-6478"
    },
    {
      "name": "CVE-2026-10845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-10845"
    },
    {
      "name": "CVE-2026-6475",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-6475"
    },
    {
      "name": "CVE-2026-22016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22016"
    },
    {
      "name": "CVE-2026-22021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22021"
    },
    {
      "name": "CVE-2026-22007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22007"
    },
    {
      "name": "CVE-2026-34268",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-34268"
    },
    {
      "name": "CVE-2026-44291",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-44291"
    },
    {
      "name": "CVE-2026-42583",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-42583"
    },
    {
      "name": "CVE-2026-41680",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-41680"
    },
    {
      "name": "CVE-2026-44292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-44292"
    },
    {
      "name": "CVE-2026-29181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-29181"
    },
    {
      "name": "CVE-2026-6477",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-6477"
    },
    {
      "name": "CVE-2026-42502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-42502"
    },
    {
      "name": "CVE-2026-33672",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33672"
    },
    {
      "name": "CVE-2026-8723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8723"
    },
    {
      "name": "CVE-2026-25681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-25681"
    },
    {
      "name": "CVE-2026-40973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-40973"
    },
    {
      "name": "CVE-2026-46333",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46333"
    },
    {
      "name": "CVE-2026-41035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-41035"
    },
    {
      "name": "CVE-2025-22235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22235"
    },
    {
      "name": "CVE-2026-9330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9330"
    },
    {
      "name": "CVE-2025-41249",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-41249"
    },
    {
      "name": "CVE-2026-9311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9311"
    },
    {
      "name": "CVE-2026-26996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-26996"
    },
    {
      "name": "CVE-2025-64756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-64756"
    },
    {
      "name": "CVE-2026-41238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-41238"
    },
    {
      "name": "CVE-2026-9071",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9071"
    },
    {
      "name": "CVE-2026-9006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9006"
    },
    {
      "name": "CVE-2025-41242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-41242"
    },
    {
      "name": "CVE-2026-44294",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-44294"
    },
    {
      "name": "CVE-2026-22008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22008"
    },
    {
      "name": "CVE-2025-14813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-14813"
    },
    {
      "name": "CVE-2026-41907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-41907"
    },
    {
      "name": "CVE-2026-27904",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-27904"
    }
  ],
  "initial_release_date": "2026-06-19T00:00:00",
  "last_revision_date": "2026-06-19T00:00:00",
  "links": [],
  "reference": "CERTFR-2026-AVI-0788",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2026-06-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Injection SQL (SQLi)"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": "2026-06-15",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7276427",
      "url": "https://www.ibm.com/support/pages/node/7276427"
    },
    {
      "published_at": "2026-06-17",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7276831",
      "url": "https://www.ibm.com/support/pages/node/7276831"
    },
    {
      "published_at": "2026-06-15",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7276430",
      "url": "https://www.ibm.com/support/pages/node/7276430"
    },
    {
      "published_at": "2026-06-15",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7276432",
      "url": "https://www.ibm.com/support/pages/node/7276432"
    },
    {
      "published_at": "2026-06-15",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7276433",
      "url": "https://www.ibm.com/support/pages/node/7276433"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7276620",
      "url": "https://www.ibm.com/support/pages/node/7276620"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7276616",
      "url": "https://www.ibm.com/support/pages/node/7276616"
    },
    {
      "published_at": "2026-06-15",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7276425",
      "url": "https://www.ibm.com/support/pages/node/7276425"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7276597",
      "url": "https://www.ibm.com/support/pages/node/7276597"
    },
    {
      "published_at": "2026-06-15",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7276428",
      "url": "https://www.ibm.com/support/pages/node/7276428"
    },
    {
      "published_at": "2026-06-17",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7276761",
      "url": "https://www.ibm.com/support/pages/node/7276761"
    },
    {
      "published_at": "2026-06-17",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7276816",
      "url": "https://www.ibm.com/support/pages/node/7276816"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7276589",
      "url": "https://www.ibm.com/support/pages/node/7276589"
    },
    {
      "published_at": "2026-06-17",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7276832",
      "url": "https://www.ibm.com/support/pages/node/7276832"
    },
    {
      "published_at": "2026-06-12",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7276187",
      "url": "https://www.ibm.com/support/pages/node/7276187"
    },
    {
      "published_at": "2026-06-15",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7276426",
      "url": "https://www.ibm.com/support/pages/node/7276426"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7276579",
      "url": "https://www.ibm.com/support/pages/node/7276579"
    },
    {
      "published_at": "2026-06-15",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7276303",
      "url": "https://www.ibm.com/support/pages/node/7276303"
    },
    {
      "published_at": "2026-06-12",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7276193",
      "url": "https://www.ibm.com/support/pages/node/7276193"
    },
    {
      "published_at": "2026-06-18",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7276939",
      "url": "https://www.ibm.com/support/pages/node/7276939"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7276600",
      "url": "https://www.ibm.com/support/pages/node/7276600"
    },
    {
      "published_at": "2026-06-12",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7276189",
      "url": "https://www.ibm.com/support/pages/node/7276189"
    },
    {
      "published_at": "2026-06-15",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7276429",
      "url": "https://www.ibm.com/support/pages/node/7276429"
    },
    {
      "published_at": "2026-06-15",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7276392",
      "url": "https://www.ibm.com/support/pages/node/7276392"
    },
    {
      "published_at": "2026-06-12",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7276185",
      "url": "https://www.ibm.com/support/pages/node/7276185"
    }
  ]
}

GHSA-8FP2-P896-CH7X

Vulnerability from github – Published: 2026-06-22 18:34 – Updated: 2026-06-22 18:34

Details

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to bypass authentication and gain unauthorized access to JAX-WS applications.

Severity

7.3 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2026-10845"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-22T16:16:32Z",
    "severity": "HIGH"
  },
  "details": "IBM WebSphere Application Server 8.5 and 9.0\u00a0could allow a remote attacker to bypass authentication and gain unauthorized access to JAX-WS applications.",
  "id": "GHSA-8fp2-p896-ch7x",
  "modified": "2026-06-22T18:34:12Z",
  "published": "2026-06-22T18:34:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-10845"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7276597"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-10845 (GCVE-0-2026-10845)

CERTFR-2026-AVI-0788

Solutions

GHSA-8FP2-P896-CH7X

Tags

Sightings

Nomenclature