Description
IBM WebSphere Application Server - Liberty 19.0.0.7 through 26.0.0.5 and IBM WebSphere Application Server 9.0, and 8.5 and WebSphere Application Server Liberty are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources.
CVSS breakdown
CVSS 3.1
Attack Vector
Adjacent
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Affected products
- ibm / websphere_application_server9.0 – 9.0
- ibm / websphere_application_server9.0.0 – 9.0.0
- ibm / websphere_application_server8.5 – 8.5
- ibm / websphere_application_server8.5.0 – 8.5.0
- ibm / websphere_application_server___liberty19.0.0.7 – 19.0.0.7
- ibm / websphere_application_server___liberty26.0.0.5 – 26.0.0.5