CVE-2025-14923PATCHED

ibm · websphere_application_server

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.2 IBM WebSphere Application Server Liberty could provide weaker than expected security when using the Security Utility when administe

Description

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.2 IBM WebSphere Application Server Liberty could provide weaker than expected security when using the Security Utility when administering security settings.

Affected Products

Vendor	Product	Versions
ibm	websphere_application_server	< 26.0.0.3

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
ibm	i	cert_advisory	90%
ibm	websphere application	cert_advisory	90%

References

https://www.ibm.com/support/pages/node/7261761(Vendor Advisory)

Related News (1 articles)

Tier B

BSI Advisories12h ago

[UPDATE] [mittel] IBM WebSphere Application Server Liberty: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen

→ No new info (linked only)

CVSS 3.14.7 MEDIUM

VectorCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA KEV❌ No

Actively exploited❌ No

Patch available

26.0.0.3

CWECWE-321, CWE-798

PublishedMar 3, 2026

Last enriched6d ago

Trending Score22

Source articles1

Independent1

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALPRE-CVE

Multiple Critical Vulnerabilities in Various IBM Products

Trending: 30

HIGHCVE-2026-1345EXP

Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access

Trending: 26

MEDIUMCVE-2026-1491EXP

Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access

Trending: 22

MEDIUMCVE-2025-14915

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is affected by privilege escalation. A privileged user could gain additional access to the

Trending: 22

MEDIUMCVE-2026-1561

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is vulnerable to server-side request forgery (SSRF). This may allow remote attacker to sen

Trending: 22

Pin to Dashboard

Verification

State: verified

Confidence: 100%

Vulnerability Timeline

CVE Published

Mar 3, 2026

Patch Available

Mar 4, 2026

Discovered by ZDM

Apr 1, 2026