CNNVD-202602-097 Information
CNNVD ID
CNNVD-202602-097
Related CVE
- CNNVD Published: 2026-02-02
Description (Chinese)
IBM WebSphere Application Server Liberty是美国国际商业机器(IBM)公司的一款构建于Open Liberty项目之上的Java应用程序服务器。 IBM WebSphere Application Server Liberty 17.0.0.3至26.0.0.1版本存在路径遍历漏洞,该漏洞源于特权用户可以上传包含路径遍历序列的zip归档文件,可能导致覆盖文件并执行任意代码。
Description (English)
IBM WebSphere Application Server Liberty is a Java application server built on the Open Liberty project by the United States International Business Machine (IBM). Versions 170.0.3 to 26.0.0.1 of the IBM WebSphere Application Service 17.0.0.3 to 26.0.0.1 contain a loophole from the privileged user ’ s ability to upload the zip archive file containing the path history series, which may lead to overwhelming the file and implementing any code.
Hazard Level
Medium
Vulnerability Type
路径遍历
Affected Vendor
国际商业机器
Published
2026-02-02
Last Modified
2026-02-24
References
https://www.ibm.com/support/pages/node/7258224 https://access.redhat.com/security/cve/cve-2025-14914
Patch
https://www.ibm.com/support/pages/node/7258224
Share on: