Description
IBM i 7.6, 7.5, 7.4, and 7.3, IBM WebSphere Application Server, and IBM WebSphere Application Server Liberty are vulnerable to denial of service in the WebSphere WebServer Plug-in component when an attacker can pass crafted requests to the web server.
Published: 2026-06-22
Score: 5.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The WebSphere WebServer Plug-in component in IBM i versions 7.3 through 7.6 and in IBM WebSphere Application Server Liberty is vulnerable to denial of service when an attacker can submit crafted requests to the web server. The flaw can cause the server to become unavailable, disrupting services for users of the affected system.

Affected Systems

IBM i releases 7.6, 7.5, 7.4, and 7.3, along with IBM WebSphere Application Server and its Liberty profile are impacted. The IBM i Platform Fix Technology releases that address this vulnerability are SJ10122 (for 7.6), SJ10121 (for 7.5), SJ10120 (for 7.4), and SJ10119 (for 7.3).

Risk and Exploitability

The CVSS score of 5.9 indicates a medium severity denial of service vulnerability. EPSS data is not available, and the issue is not listed in the CISA KEV catalog. Exploitation requires an attacker to send crafted HTTP requests to the WebSphere WebServer Plug-in component, which typically operates over the network; no specific privilege level is confirmed by the supplied information.

Generated by OpenCVE AI on June 22, 2026 at 21:50 UTC.

Remediation

Vendor Solution

IBM strongly recommends addressing the vulnerabilities now. IBM i Release5770-SS1 Option 3 PTF Number(s)PTF Download Link(s)7.6SJ10122 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ10122 7.5SJ10121 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ10121 7.4SJ10120 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ10120 7.3SJ10119 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ10119 IBM recommends users running unsupported versions of affected products upgrade to a supported and fixed version of affected products.

OpenCVE Recommended Actions

  • Apply the IBM i Platform Fix Technology (PTF) matching your release, for example SJ10122 for 7.6, SJ10121 for 7.5, SJ10120 for 7.4, or SJ10119 for 7.3, as published by IBM.
  • If running an unsupported or older release, upgrade to the latest supported IBM i version that includes the WebSphere WebServer Plug-in fix.
  • As a temporary countermeasure, block external access to the WebSphere WebServer Plug-in component or disable the plug-in entirely to prevent exploitation.

Generated by OpenCVE AI on June 22, 2026 at 21:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 23 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 22 Jun 2026 20:00:00 +0000

Type Values Removed Values Added
Description IBM i 7.6, 7.5, 7.4, and 7.3, IBM WebSphere Application Server, and IBM WebSphere Application Server Liberty are vulnerable to denial of service in the WebSphere WebServer Plug-in component when an attacker can pass crafted requests to the web server.
Title IBM i is Affected By a Denial of Service in IBM WebSphere Application Server Liberty
First Time appeared Ibm
Ibm i
Weaknesses CWE-476
CPEs cpe:2.3:a:ibm:i:7.3.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:i:7.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:i:7.4.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:i:7.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:i:7.5.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:i:7.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:i:7.6.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:i:7.6:*:*:*:*:*:*:*
Vendors & Products Ibm
Ibm i
References
Metrics cvssV3_1

{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Ibm I
cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-06-23T15:06:39.514Z

Reserved: 2026-06-04T12:38:07.335Z

Link: CVE-2026-10852

cve-icon Vulnrichment

Updated: 2026-06-23T14:51:36.316Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-23T02:45:16Z

Weaknesses