Impact
A server-side request forgery vulnerability exists when the apiDiscovery-1.0 feature is enabled in IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.7. The flaw lets an attacker craft requests that cause the server to perform outbound calls on the attacker's behalf. This can expose internal resources, reveal configuration details, or allow data leaks. The vulnerability is classified as CWE-918. The potential impact is loss of confidentiality and integrity, and possibly availability, of internal services.
Affected Systems
IBM WebSphere Application Server Liberty version 17.0.0.3 up to and including 26.0.0.7. The flaw is tied to the apiDiscovery-1.0 feature; any deployment of these releases with that feature enabled is affected. The advisory does not list additional products or configurations.
Risk and Exploitability
The CVSS score of 8.5 marks this as a high-severity vulnerability. The EPSS score is not available, so the current probability of exploitation is unknown but could be significant for environments where the apiDiscovery feature is exposed to untrusted clients. The vulnerability is not listed in CISA's KEV catalog. Attackers would need to be able to send specially crafted HTTP requests to the Liberty server's REST endpoint that triggers the apiDiscovery service. No publicly disclosed exploitation code is available, but the flaw's nature suggests it could be leveraged by an authenticated or unauthenticated attacker depending on how the feature is secured.
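The advisory ties exposure to two conditions: a Liberty release inside the 17.0.0.3 to 26.0.0.7 range, and the apiDiscovery-1.0 feature being enabled. The following inventory check is an added example written for this page, not code from IBM or OpenCVE. It reads the enabled features from a Liberty server.xml featureManager block and the product version from a lib/versions properties file, then compares the version numerically (string comparison would wrongly place 9.0.0.1 after 17.0.0.3). The property key com.ibm.websphere.productVersion and the two sample files are assumptions constructed for the example.

```python
"""Added example (not from the advisory): flag Liberty installs that are both
in the affected version range and have apiDiscovery-1.0 enabled."""
from typing import Optional, Set, Tuple
import xml.etree.ElementTree as ET

# Range stated in the advisory, inclusive on both ends.
AFFECTED_MIN = (17, 0, 0, 3)
AFFECTED_MAX = (26, 0, 0, 7)
AFFECTED_FEATURE = "apiDiscovery-1.0"

# Constructed sample inputs (not real files from any deployment).
SAMPLE_SERVER_XML = """<?xml version="1.0" encoding="UTF-8"?>
<server description="constructed sample">
  <featureManager>
    <feature>jaxrs-2.1</feature>
    <feature>apiDiscovery-1.0</feature>
  </featureManager>
  <httpEndpoint id="defaultHttpEndpoint" httpPort="9080" httpsPort="9443"/>
</server>
"""

# Assumed layout of lib/versions/WebSphereApplicationServer.properties.
SAMPLE_PROPERTIES = """com.ibm.websphere.productId=com.ibm.websphere.appserver
com.ibm.websphere.productVersion=24.0.0.9
"""


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '24.0.0.9' into (24, 0, 0, 9) so comparisons are numeric."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected version string: {text!r}")
    return tuple(int(p) for p in parts)


def version_in_affected_range(version: str) -> bool:
    """True when version lies within [AFFECTED_MIN, AFFECTED_MAX]."""
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX


def product_version_from_properties(text: str) -> Optional[str]:
    """Return the value of com.ibm.websphere.productVersion (assumed key)."""
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "com.ibm.websphere.productVersion":
            return value.strip()
    return None


def enabled_features(server_xml: str) -> Set[str]:
    """Collect every <feature> under <featureManager> in a server.xml."""
    root = ET.fromstring(server_xml)
    return {
        (feature.text or "").strip()
        for manager in root.iter("featureManager")
        for feature in manager.iter("feature")
    }


def assess(server_xml: str, properties: str) -> dict:
    """Combine the two conditions the advisory names into one verdict."""
    version = product_version_from_properties(properties)
    version_affected = version is not None and version_in_affected_range(version)
    feature_on = AFFECTED_FEATURE in enabled_features(server_xml)
    return {
        "version": version,
        "version_affected": version_affected,
        "apiDiscovery_enabled": feature_on,
        # Only installs matching both conditions need the fix applied.
        "action_required": version_affected and feature_on,
    }


if __name__ == "__main__":
    print(assess(SAMPLE_SERVER_XML, SAMPLE_PROPERTIES))
```

Two caveats when running this against real servers: Liberty merges configuration from include files and configDropins directories, so a feature absent from the top-level server.xml may still be enabled elsewhere; and a version outside the range does not by itself make the feature safe to expose to untrusted clients, which is the exposure question the risk paragraph raises.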
OpenCVE Enrichment