Description
IBM WebSphere Application Server and IBM WebSphere Application Server Liberty - when using Intelligent Management with the WebSphere WebServer Plug-in component - are vulnerable to remote code execution and denial of service. This vulnerability can be exploited when an attacker impersonates backend servers and sends crafted responses to the plug-in.
Problem types
CWE-94 Improper Control of Generation of Code ('Code Injection')
Product status
7.6.0 (semver)
7.5.0 (semver)
7.4.0 (semver)
7.3.0 (semver)
References
www.ibm.com/support/pages/node/7277344