IBM WebSphere Application Server Liberty is affected by identity spoofing

7.5 / 10

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.4 IBM WebSphere Application Server Liberty is vulnerable to identity spoofing under limited conditions when an application is deployed without authentication and authorization configured.

Basic Information

ID CVE-2026-3621

Source ibm

Published Apr 22, 2026 at 23:07

Affected Product

Vendor IBM

Product WebSphere Application Server - Liberty

Version 17.0.0.3

Affected Versions IBM WebSphere Application Server - Liberty 17.0.0.3

CWE Classification

CWE-269

References

www.ibm.com /support/pages/node/7270437

{
    "lastseen": "",
    "description": "IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.4 IBM WebSphere Application Server Liberty is vulnerable to identity spoofing under limited conditions when an application is deployed without authentication and authorization configured.",
    "published": "2026-04-22T23:07:31.595Z",
    "modified": "2026-04-22T23:07:31.595Z",
    "type": "cve",
    "title": "IBM WebSphere Application Server Liberty is affected by identity spoofing",
    "source": "ibm",
    "references": "https://www.ibm.com/support/pages/node/7270437",
    "id": "CVE-2026-3621",
    "bulletinFamily": "",
    "cwe": [
        "CWE-269"
    ],
    "cvelist": null,
    "sourceData": "IBM WebSphere Application Server - Liberty 17.0.0.3",
    "sourceHref": "",
    "cvss": {
        "score": 7.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "WebSphere Application Server - Liberty",
    "version": "17.0.0.3",
    "vendor": "IBM",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

IBM WebSphere Application Server Liberty is affected by identity spoofing_CVE-2026-3621