Overview.

---

IBM has released security updates that address vulnerabilities found in WebSphere Application Server Liberty and Total Storage Service Console (TSSC)/TS4500 IMC.

Affected products and vulnerabilities.

---

• CVE-2026-3621: Identity disguising vulnerability in IBM WebSphere Application Server – Liberty, affected versions are 17.0.0.3 and above through 26.0.0.4 and below.
• CVE-2026-5935: Arbitrary command execution (OS command injection) vulnerability in TSSC/TS4500 IMC; affected IMC versions are 9.2 through 9.6 series.

Workaround.

---

• the vulnerabilities have been patched with IBM’s latest security updates and advisory versions for each product have been released.
• For TSSC/IMC, the patch versions are 9.4.31, 9.6.15, and the internal patch name (9.X.XFixOSCommandInjection2026-04-06).
• Detailed patch versions and application instructions for WebSphere Liberty can be found in the IBM security bulletin.

Advisories and Notes.

---

• environments running the affected products should update to the published patch versions.
• for additional information and patching instructions, please refer to the IBM security bulletin link.

References.

---

• IBM Security Bulletin: CVE-2026-3621 announcement page.
• IBM Security Bulletin: Announcement page for CVE-2026-5935.