There is a potential for weaker than expected security when using the WebSphere Application Server Liberty profile API Discovery feature and Swagger documents.
CVE(s): CVE-2016-2945
Affected product(s) and affected version(s):
This vulnerability affects the following versions and releases of IBM WebSphere Application Server Liberty for any user of the API Discovery feature with Swagger documents that have external references.
- Version 8.5.5 Liberty Profile
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/293cznT
X-Force Database: http://ift.tt/292thaQ
from IBM Product Security Incident Response Team http://ift.tt/293clwX
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.