Description
IBM WebSphere Application Server 9.0 and 8.5 are affected by improper validation of user-supplied data during deserialization in the SAML Web Single Sign-On component. This could result in remote code execution via a crafted HTTP request when combined with a suitable gadget chain.
Published: 2026-06-01
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

IBM WebSphere Application Server 8.5 and 9.0 are vulnerable to improper validation of user-supplied data during deserialization in the SAML Web Single Sign-On component. The flaw allows an attacker to craft a malicious HTTP request that, when processed with a suitable gadget chain, results in remote code execution. This weakness can lead to full compromise of the affected server, including loss of confidentiality, integrity, and availability, and is classified as CWE-502.

Affected Systems

The affected environment is IBM WebSphere Application Server (traditional). Vulnerable versions include 9.0.0.0 through 9.0.5.28, and 8.5.0.0 through 8.5.5.29. Updating to fix pack 9.0.5.29 or later for 9.x, or to fix pack 8.5.5.30 or later for 8.5.x, resolves the issue.

Risk and Exploitability

The CVSS score is 8.5, indicating high severity. EPSS information is not available, so the exploitation probability cannot be quantified. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is remote via a crafted HTTP request to the server’s SAML endpoint, requiring the attacker to supply a malicious payload that triggers the gadget chain. An attacker who succeeds can execute arbitrary code on the server.

Generated by OpenCVE AI on June 1, 2026 at 20:35 UTC.

Remediation

Vendor Solution

IBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH71453.

For IBM WebSphere Application Server traditional:

For V9.0.0.0 through 9.0.5.28:
  • Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves PH71453: https://www.ibm.com/support/pages/node/7274233
  --OR--
  • Apply Fix Pack 9.0.5.29 or later (targeted availability 3Q2026).

For V8.5.0.0 through 8.5.5.29:
  • Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves PH71453: https://www.ibm.com/support/pages/node/7274233
  --OR--
  • Apply Fix Pack 8.5.5.30 or later (targeted availability 3Q2026).

Additional interim fixes may be available and linked off the interim fix download page.


OpenCVE Recommended Actions

  • Apply the interim fix for APAR PH71453 from the IBM support page.
  • If the interim fix has not been applied, upgrade to the earliest available fix pack (9.0.5.29 or later for IBM WebSphere Application Server 9.x, or 8.5.5.30 or later for IBM WebSphere Application Server 8.5.x) which contains the PH71453 fix.
  • Review the applied fix pack release notes and any additional interim fixes listed on the IBM download page, and deploy those fixes as necessary to fully remediate the vulnerability.

Generated by OpenCVE AI on June 1, 2026 at 20:35 UTC.
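As an added check that is not part of this OpenCVE record or of IBM's guidance: a small Python classifier for the affected version ranges and fix-pack levels stated above, usable over a server inventory. It assumes WebSphere traditional reports its version as a four-part string (e.g. 9.0.5.28) and that whether the PH71453 interim fix is installed is tracked separately, because an interim fix does not raise the reported fix-pack level.

```python
# Added example (not OpenCVE's or IBM's code): classify an IBM WebSphere
# Application Server traditional version against the affected ranges and
# fix-pack levels stated in this record for APAR PH71453.
from typing import Optional, Tuple

# Ranges from the record: (first affected, last affected, first fixed fix pack)
AFFECTED_RANGES = (
    ((9, 0, 0, 0), (9, 0, 5, 28), "9.0.5.29"),
    ((8, 5, 0, 0), (8, 5, 5, 29), "8.5.5.30"),
)


def parse_version(text: str) -> Tuple[int, ...]:
    """Parse a dotted WebSphere version like '9.0.5.28' into a comparable tuple.
    Missing trailing components are padded with zeros ('9.0' -> 9.0.0.0)."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts) or len(parts) > 4:
        raise ValueError(f"not a WebSphere version string: {text!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (4 - len(nums))


def required_fix_pack(version: str) -> Optional[str]:
    """Return the minimum fix pack that resolves PH71453 for an affected
    version, or None when the version lies outside the affected ranges."""
    v = parse_version(version)
    for low, high, fixed in AFFECTED_RANGES:
        if low <= v <= high:
            return fixed
    return None


def assess(version: str, interim_fix_applied: bool = False) -> str:
    """Summarise the action for one server. The interim fix for PH71453 does
    not change the reported fix-pack level, so it must be recorded separately;
    the version string alone cannot prove a patched server is safe."""
    fixed = required_fix_pack(version)
    if fixed is None:
        return f"{version}: not in an affected range for this record"
    if interim_fix_applied:
        return f"{version}: affected range, interim fix for PH71453 applied"
    return f"{version}: affected, apply interim fix for PH71453 or fix pack {fixed}+"


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for ver, ifix in (("9.0.5.28", False), ("9.0.5.29", False),
                      ("8.5.5.20", True), ("9.0.5.30", False)):
        print(assess(ver, ifix))
```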

Advisories

No advisories yet.

History

Mon, 01 Jun 2026 21:30:00 +0000

Values Removed: (none)
Values Added:
  Metrics: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 01 Jun 2026 19:00:00 +0000

Values Removed: (none)
Values Added:
  Description: IBM WebSphere Application Server 9.0, and 8.5 is affected by an improper validation of user-supplied data during deserialization using the SAML Web Single Sign-On component. This could result in remote code execution via a crafted HTTP request when combined with a suitable gadget chain.
  Title: IBM WebSphere Application Server is affected by remote code execution
  First Time appeared: Ibm; Ibm websphere Application Server
  Weaknesses: CWE-502
  CPEs:
    cpe:2.3:a:ibm:websphere_application_server:8.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:websphere_application_server:9.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*
  Vendors & Products: Ibm; Ibm websphere Application Server
  References: (none listed)
  Metrics: cvssV3_1 {'score': 8.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-06-02T03:56:04.698Z

Reserved: 2026-05-22T22:15:58.580Z

Link: CVE-2026-9330

Vulnrichment

Updated: 2026-06-01T19:07:40.708Z

NVD

Status: Awaiting Analysis

Published: 2026-06-01T19:16:55.813

Modified: 2026-06-02T14:01:26.667

Link: CVE-2026-9330

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-02T00:00:13Z

Weaknesses