wid-sec-w-2026-0845 · Published 2026-03-24 · View on BSI CERT-Bund ↗

IBM WebSphere Application Server Liberty: Multiple Vulnerabilities

CVSS 8.7 HIGH

Risk Summary

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty could provide weaker than expected security when administering security settings.

CVEs (4)

CVE-2025-14915 CVE-2025-14917 CVE-2026-1561 CVE-2026-29063

Affected Vendors

IBM

Affected Products (9)

IBM · DataPower Gateway 10.6.0.0-10.6.0.8

IBM · DataPower Gateway 10.6.1.0-10.6.6.0

IBM · WebSphere Application Server Liberty <26.0.0.4

IBM · WebSphere Application Server Liberty 26.0.0.4

IBM · i 7.5

IBM · i 7.2

IBM · i 7.4

IBM · i 7.3

IBM · i 7.6

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more