Impact
IBM WebSphere Application Server and its Liberty profile contain a denial of service flaw in the WebSphere WebServer Plug‑in component. When an attacker supplies crafted requests to the web server, the plug‑in can become unresponsive, causing the WebSphere WebServer and associated services to crash or become unavailable. This results in interruption of services for users on the affected system.
Affected Systems
IBM i releases 7.6, 7.5, 7.4, and 7.3, along with IBM WebSphere Application Server and its Liberty profile are impacted. The IBM i Platform Fix Technology releases that address this vulnerability are SJ10122 (for 7.6), SJ10121 (for 7.5), SJ10120 (for 7.4), and SJ10119 (for 7.3).
Risk and Exploitability
The CVSS score of 5.9 indicates a medium severity denial of service vulnerability. EPSS score is less than 1%, and the issue is not listed in the CISA KEV catalog. Exploitation requires an attacker to send crafted HTTP requests to the WebSphere WebServer Plug‑in component, which typically operates over the network; no specific privilege level is confirmed by the supplied information.
OpenCVE Enrichment