Skip to main content

IBM WebSphere EUVDEUVD-2026-40411

| CVE-2026-11594 MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2026-06-30 ibm GHSA-ggxw-vx9j-j3mp
6.1
CVSS 3.1 · NVD
Share

Severity by source

Vendor (ibm) PRIMARY
HIGH
qualitative
NVD
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
vuln.today AI
5.4 MEDIUM

XSS in an admin console typically yields Low C/I with changed scope; injecting into the console generally needs some access (PR:L) and an admin victim must render it (UI:R).

3.1 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Primary rating from Vendor (ibm).

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

3
Severity Changed
Jul 02, 2026 - 18:07 NVD
HIGH MEDIUM
CVSS changed
Jul 02, 2026 - 18:07 NVD
8.5 (HIGH) 6.1 (MEDIUM)
Analysis Generated
Jun 30, 2026 - 21:16 vuln.today

DescriptionNVD

IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console.

AnalysisAI

Stored/reflected cross-site scripting in the administrative console of IBM WebSphere Application Server 9.0 and 8.5 lets an adjacent-network attacker inject malicious script that executes in an administrator's browser session. Because the CVSS scope is changed and impact is rated high, a successful injection could let the attacker hijack the privileged admin session and pivot to broader server compromise. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain adjacent-network access to admin console
Delivery
Inject crafted XSS payload into console input
Exploit
Admin views malicious console page
Execution
Script executes in privileged session
Impact
Hijack admin session and pivot

Vulnerability AssessmentAI

Exploitation Exploitation targets the WebSphere Application Server administrative console specifically and requires three concrete conditions drawn from the CVSS vector: adjacent-network access to the console (AV:A - the attacker must be on the same logical network/segment, not arbitrary Internet), an authenticated administrator actively viewing the malicious content (UI:R - the privileged victim's browser interaction is what triggers script execution), and the admin console being deployed and reachable. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The supplied CVSS 3.1 vector (AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N, base 8.5) presents an unusual profile for an XSS bug: it marks confidentiality and integrity as High with a changed scope, which is aggressive for a CWE-79 issue where impact is more typically Low. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker on the same adjacent network segment as the management interface crafts a request or stored value containing malicious JavaScript that the WebSphere admin console fails to neutralize. When an authenticated administrator views the affected console page, the script executes in their privileged session, allowing the attacker to steal the admin session token or perform actions as the administrator. …
Remediation Apply the fix referenced in IBM's advisory at https://www.ibm.com/support/pages/node/7277546 (Patch available per vendor advisory); an exact fix pack / iFix version was not included in the provided data, so confirm the specific APAR/iFix for your 9.0 or 8.5 install directly from that note before scheduling. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all WebSphere Application Server 8.5 and 9.0 instances; document network exposure of admin consoles; review access logs for unauthorized admin activity. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2019-4279 CRITICAL POC
9.8 May 17

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with

CVE-2015-1920 CRITICAL
10.0 May 20

IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.47, 7.0 before 7.0.0.39, 8.0 before 8.0.0.11, and 8.5 before 8.

CVE-2013-1777 CRITICAL
10.0 Jul 11

The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Co

CVE-2012-5955 CRITICAL
10.0 Dec 20

Unspecified vulnerability in the IBM HTTP Server component 5.3 in IBM WebSphere Application Server (WAS) for z/OS allows

CVE-2018-1770 MEDIUM POC
6.5 Oct 12

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the sys

CVE-2016-5983 HIGH
7.5 Oct 05

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.11, 9.0 before 9.0.0.2

CVE-2013-0462 CRITICAL
10.0 Jan 27

Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.1, 7.0 before 7.0.0.27, 8.0, and 8.5 has unknown i

CVE-2026-11541 CRITICAL
9.8 Jun 30

HTTP request smuggling in IBM WebSphere Application Server (traditional 8.5 and 9.0) and WebSphere Liberty (17.0.0.3 thr

CVE-2026-11546 CRITICAL
9.8 Jun 30

Server-side request forgery in IBM WebSphere Application Server Liberty (17.0.0.3 through 26.0.0.7) lets remote unauthen

CVE-2026-11714 CRITICAL
9.8 Jun 30

Server-side request forgery in IBM WebSphere Application Server Liberty (17.0.0.3 through 26.0.0.7) lets remote, unauthe

CVE-2023-23477 CRITICAL
9.8 Feb 03

IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the

CVE-2020-4589 CRITICAL
9.8 Aug 13

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the s

Share

EUVD-2026-40411 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy