CVE-2026-10845

Published Jun 22, 2026

Last updated 3 days ago

CVSS high 7.3

Server

Overview

Description: IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to bypass authentication and gain unauthorized access to JAX-WS applications.
Source: psirt@us.ibm.com
NVD status: Analyzed
Products: websphere_application_server

Risk scores

CVSS 3.1

Type: Secondary
Base score: 7.3
Impact score: 3.4
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Severity: HIGH

Weaknesses

psirt@us.ibm.com: CWE-287

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "271A774E-CAB3-4A5F-8450-EADBBA7D8AF6",
            "versionEndExcluding": "8.5.5.30",
            "versionStartIncluding": "8.5.0.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "BA0DBCF1-7255-420A-B0A4-04C90BAE14F6",
            "versionEndExcluding": "9.0.5.29",
            "versionStartIncluding": "9.0.0.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "C684FC45-C9BA-4EF0-BD06-BB289450DD21",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:o:ibm:z\\/os:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "0E97A964-6F9E-4C87-9B90-21AE2C1DF52F",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References