IBM WebSphere Application Server Liberty could provide weaker than expected security
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.2 IBM WebSphere Application Server Liberty could provide weaker than expected security when using the Security Utility when administering security settings.
Description: CWE-321 Use of Hard-coded Cryptographic Key
Metrics
Version
Base score
Base severity
Vector
3.1
4.7
MEDIUM
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Version:3.1
Base score:4.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC ID
Description
Solutions
IBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH69658. For IBM WebSphere Application Server Liberty 17.0.0.3 - 26.0.0.2: · Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves PH69658 --OR-- · Apply Liberty Fix Pack 26.0.0.3 or later (targeted availability 1Q2026). Additional interim fixes may be available and linked off the interim fix download page.