CVE Catalog

CVE-2026-11708

CriticalCVSS 9.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.22%

12th percentile — higher than 12% of all known CVEs

Summary

IBM WebSphere Application Server 9.0 and 8.5 is affected by a cross-site scripting vulnerability in the administrative console's integrated help system. This allows an attacker to inject malicious script into the help page.

Risk Assessment

An attacker could exploit this vulnerability to steal administrator sessions, take over accounts, or perform unauthorized actions in the administrative console.

Recommendation

It is recommended to immediately update IBM WebSphere Application Server to the latest version containing the security fix. Until the update, restrict access to the administrative console to trusted networks only.

Original NVD description (English source)

IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console's integrated help system.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS