Skip to main content

IBM WebSphere Application Server CVE-2026-11712

| EUVDEUVD-2026-40396 CRITICAL
Cross-site Scripting (XSS) (CWE-79)
2026-06-30 psirt@us.ibm.com GHSA-r8wf-c575-w3gq
9.3
CVSS 3.1 · Vendor: us
Share

Severity by source

Vendor (us) PRIMARY
9.3 CRITICAL
AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
vuln.today AI
6.1 MEDIUM

Network-reachable reflected XSS needs no attacker auth (PR:N) but requires admin interaction (UI:R); script in another security context yields S:C with limited C:L/I:L, not the High impacts IBM assigned.

3.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Primary rating from Vendor (us).

CVSS VectorVendor: us

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

1
Analysis Generated
Jun 30, 2026 - 20:35 vuln.today

DescriptionCVE.org

IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console help system.

AnalysisAI

Cross-site scripting in IBM WebSphere Application Server 9.0 and 8.5 lets a remote attacker inject malicious script into the administrative console help system, which executes in the browser session of an administrator who is lured into viewing the crafted content. Because the payload runs inside an authenticated admin context, it can be abused to hijack the console session, manipulate configuration, or steal sensitive credentials. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Craft malicious script payload for console help system
Delivery
Deliver crafted link to WebSphere administrator
Exploit
Administrator opens content in authenticated console
Execution
Script executes in admin session context
Impact
Hijack session / alter configuration

Vulnerability AssessmentAI

Exploitation Exploitation targets the administrative console help system of WebSphere Application Server 9.0 / 8.5 and requires a victim administrator to interact with attacker-supplied content (CVSS UI:R) - typically opening a crafted link or viewing injected help content while authenticated to the console. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals conflict and warrant scrutiny. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker crafts a URL or content fragment containing a malicious script payload targeting the WebSphere administrative console help system and sends it to a WebSphere administrator (e.g., via phishing). When the authenticated administrator opens it in the console, the script executes in their session and can exfiltrate session tokens or issue console actions on their behalf. …
Remediation Apply the remediation described in IBM's security bulletin at https://www.ibm.com/support/pages/node/7278590, which is the authoritative source for the corrective fix pack or interim fix for WebSphere Application Server 9.0 and 8.5 - Patch available per vendor advisory; an exact fixed version string was not provided in the input data and should be taken directly from that bulletin rather than assumed. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Segment administrative console access to authenticated internal networks only; apply firewall rules restricting access to known administrator IP ranges. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2019-4279 CRITICAL POC
9.8 May 17

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with

CVE-2015-1920 CRITICAL
10.0 May 20

IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.47, 7.0 before 7.0.0.39, 8.0 before 8.0.0.11, and 8.5 before 8.

CVE-2013-1777 CRITICAL
10.0 Jul 11

The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Co

CVE-2012-5955 CRITICAL
10.0 Dec 20

Unspecified vulnerability in the IBM HTTP Server component 5.3 in IBM WebSphere Application Server (WAS) for z/OS allows

CVE-2018-1770 MEDIUM POC
6.5 Oct 12

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the sys

CVE-2016-5983 HIGH
7.5 Oct 05

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.11, 9.0 before 9.0.0.2

CVE-2013-0462 CRITICAL
10.0 Jan 27

Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.1, 7.0 before 7.0.0.27, 8.0, and 8.5 has unknown i

CVE-2026-11541 CRITICAL
9.8 Jun 30

HTTP request smuggling in IBM WebSphere Application Server (traditional 8.5 and 9.0) and WebSphere Liberty (17.0.0.3 thr

CVE-2026-11546 CRITICAL
9.8 Jun 30

Server-side request forgery in IBM WebSphere Application Server Liberty (17.0.0.3 through 26.0.0.7) lets remote unauthen

CVE-2026-11714 CRITICAL
9.8 Jun 30

Server-side request forgery in IBM WebSphere Application Server Liberty (17.0.0.3 through 26.0.0.7) lets remote, unauthe

CVE-2023-23477 CRITICAL
9.8 Feb 03

IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the

CVE-2020-4589 CRITICAL
9.8 Aug 13

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the s

Share

CVE-2026-11712 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy