{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/products/websphere-application-server---liberty/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2026-3621"}],"_cs_exploited":false,"_cs_products":["WebSphere Application Server - Liberty"],"_cs_severities":["medium"],"_cs_tags":["cve-2026-3621","websphere","identity spoofing","cwe-269"],"_cs_type":"advisory","_cs_vendors":["IBM"],"content_html":"\u003cp\u003eCVE-2026-3621 identifies an identity spoofing vulnerability affecting IBM WebSphere Application Server Liberty versions 17.0.0.3 through 26.0.0.4. This vulnerability arises when applications are deployed on WebSphere Liberty without authentication or authorization mechanisms configured. An attacker could potentially exploit this flaw to impersonate legitimate users or services, gaining unauthorized access to resources and performing actions on their behalf. This vulnerability was reported to IBM and assigned a CVSS v3.1 base score of 7.5, indicating a high potential impact. Successful exploitation allows for unauthorized actions and data access within the vulnerable WebSphere Liberty environment.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a WebSphere Liberty instance running a vulnerable version (17.0.0.3 - 26.0.0.4).\u003c/li\u003e\n\u003cli\u003eThe attacker determines that an application is deployed on the WebSphere Liberty instance without proper authentication or authorization configurations.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious request, spoofing the identity of a legitimate user. This might involve manipulating HTTP headers or other request parameters.\u003c/li\u003e\n\u003cli\u003eThe malicious request is sent to the vulnerable application on the WebSphere Liberty server.\u003c/li\u003e\n\u003cli\u003eThe WebSphere Liberty server, lacking proper authentication checks, processes the request under the forged identity.\u003c/li\u003e\n\u003cli\u003eThe attacker gains unauthorized access to resources or performs actions associated with the spoofed identity.\u003c/li\u003e\n\u003cli\u003eThe attacker can potentially escalate privileges by accessing administrative functions or sensitive data accessible to the spoofed user.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-3621 can lead to significant consequences. An attacker could gain unauthorized access to sensitive data, modify application configurations, or perform actions on behalf of legitimate users, potentially leading to data breaches, service disruption, or complete system compromise. The vulnerability is particularly concerning for organizations that rely on WebSphere Liberty for critical applications and have not implemented proper authentication and authorization controls. The number of affected organizations is currently unknown but will depend on the prevalence of vulnerable WebSphere Liberty instances deployed without adequate security measures.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply appropriate authentication and authorization configurations to all applications deployed on IBM WebSphere Application Server Liberty to mitigate CVE-2026-3621, as described in \u003ca href=\"https://www.ibm.com/support/pages/node/7270437\"\u003eIBM\u0026rsquo;s advisory\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect WebSphere Liberty Unauthorized Access Attempt\u0026rdquo; to identify suspicious requests lacking authentication headers.\u003c/li\u003e\n\u003cli\u003eUpgrade to a non-vulnerable version of IBM WebSphere Application Server Liberty outside the range of 17.0.0.3 through 26.0.0.4.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-23T00:18:31Z","date_published":"2026-04-23T00:18:31Z","id":"/briefs/2026-04-websphere-spoofing/","summary":"IBM WebSphere Application Server Liberty versions 17.0.0.3 through 26.0.0.4 are susceptible to identity spoofing when applications are deployed without proper authentication and authorization configurations, potentially leading to unauthorized access and privilege escalation.","title":"IBM WebSphere Liberty Identity Spoofing Vulnerability (CVE-2026-3621)","url":"https://feed.craftedsignal.io/briefs/2026-04-websphere-spoofing/"}],"language":"en","title":"CraftedSignal Threat Feed — WebSphere Application Server - Liberty","version":"https://jsonfeed.org/version/1.1"}