CNNVD-202508-660 Information
CNNVD ID
CNNVD-202508-660
Related CVE
- CNNVD Published: 2025-08-07
Description (Chinese)
IBM WebSphere Application Server(WAS)和IBM WebSphere Application Server Liberty都是美国国际商业机器(IBM)公司的产品。IBM WebSphere Application Server是一款应用服务器产品。该产品是JavaEE和Web服务应用程序的平台,也是IBMWebSphere软件平台的基础。IBM WebSphere Application Server Liberty是一款构建于Open Liberty项目之上的Java应用程序服务器。 IBM WebSphere Application Server(WAS) 9.0版本和IBM WebSphere Application Server Liberty 17.0.0.3至25.0.0.7版本存在安全漏洞,该漏洞源于未能遵守安全配置,可能导致绕过安全限制。
Description (English)
IBM WebSphere Application Server (WAS) and IBM WebSphere Application Server Lily are products of the United States International Business Machine (IBM). IBM WebSphere Application Server is an application server product. The product is the platform for JavaEE and Web service applications and the basis for the IBMWebSphere software platform. IBM WebSphere Application Server Liberty is a Java application server built on the Open Liberty project. IBM WebSphere Application Server (WAS) version 9.0 and IBM WebSphere Application Service 17.0.0.3 to 25.0.0.7 have security gaps, which stem from failure to comply with security configurations and may lead to circumvention of security restrictions.
Hazard Level
Critical
Vulnerability Type
其他
Affected Vendor
国际商业机器
Published
2025-08-07
Last Modified
2026-02-24
References
https://www.ibm.com/support/pages/node/7239955 https://vigilance.fr/vulnerability/IBM-WebSphere-Application-Server-Application-Server-Liberty-privilege-escalation-dated-18-07-2025-47742
Patch
https://www.ibm.com/support/pages/node/7239955
Share on: