Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Network-reachable, unauthenticated SSRF (AV:N/AC:L/PR:N) with high confidentiality via internal-resource access but only limited integrity and no direct availability impact typical of SSRF.
Primary rating from Vendor (us).
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
6DescriptionNVD
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.7 is affected by a server-side request forgery vulnerability with the adminCenter-1.0 feature enabled.
AnalysisAI
Server-side request forgery in IBM WebSphere Application Server Liberty (17.0.0.3 through 26.0.0.7) lets remote unauthenticated attackers coerce the server into making arbitrary outbound requests when the adminCenter-1.0 feature is enabled. Reported by IBM PSIRT with a CVSS 3.1 base score of 9.8, the flaw carries no public exploit identified at time of analysis; EPSS is low at 0.21% (12th percentile) and CISA SSVC records exploitation status as none. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires that the target Liberty server have the adminCenter-1.0 feature explicitly enabled in its configuration (server.xml) - this is the exact named prerequisite from the CVE description and is not enabled by default on a minimal Liberty server, so instances without Admin Center are not exploitable. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The signals here conflict sharply and warrant caution. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who can reach an internet-exposed Liberty Admin Center sends a crafted request to the vulnerable adminCenter-1.0 handler, supplying a URL pointing at an internal-only resource such as a cloud metadata service or an internal management API. The server dutifully makes the outbound request and returns or acts on the response, letting the attacker enumerate and reach internal services from the trust position of the application server. … |
| Remediation | Apply the fix documented in IBM's advisory at https://www.ibm.com/support/pages/node/7278572; consult that page for the exact interim fix (iFix/APAR) or fixpack level, as no specific patched version is stated in the available intelligence - treat this as Patch available per vendor advisory rather than a confirmed version number. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: identify all IBM WebSphere Application Server Liberty deployments with the adminCenter-1.0 administrative console feature enabled; disable this feature immediately for instances where it is not operationally required. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Websphere Application Server
View allIBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with
IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.47, 7.0 before 7.0.0.39, 8.0 before 8.0.0.11, and 8.5 before 8.
The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Co
Unspecified vulnerability in the IBM HTTP Server component 5.3 in IBM WebSphere Application Server (WAS) for z/OS allows
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the sys
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.11, 9.0 before 9.0.0.2
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.1, 7.0 before 7.0.0.27, 8.0, and 8.5 has unknown i
HTTP request smuggling in IBM WebSphere Application Server (traditional 8.5 and 9.0) and WebSphere Liberty (17.0.0.3 thr
Server-side request forgery in IBM WebSphere Application Server Liberty (17.0.0.3 through 26.0.0.7) lets remote, unauthe
IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the s
IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the
Same weakness CWE-918 – Server-Side Request Forgery (SSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-40399
GHSA-7m34-7chv-8x87