CVE-2016-2945

Published on: 07/07/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:15 PM UTC

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Certain versions of WebSphere Application Server from IBM contain the following vulnerability:

The API Discovery implementation in IBM WebSphere Application Server (WAS) 8.5.5.8 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 allows remote authenticated users to gain privileges via an external reference in a Swagger document.

  • CVE-2016-2945 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 7.5 - HIGH

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS2 Score: 6 - MEDIUM

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

CVE References

  • CONFIRM www-01.ibm.com/support/docview.wss?uid=swg21984502 - Security Bulletin: WebSphere Application Server Liberty API Discovery feature has potential vulnerability (CVE-2016-2945). Tags: Vendor Advisory. Source: www-01.ibm.com (text/html).
  • BID 91517 - WebSphere Application Server Liberty Profile Remote Privilege Escalation Vulnerability. Source: cve.report (archive) (text/html).
  • AIXAPAR PI62450 - IBM notice: The page you requested cannot be displayed. Source: www-01.ibm.com (text/html). Inactive link, not archived.

Known Affected Configurations (CPE V2.3)

Type | Vendor | Product | Version | Update | Edition | Language
Application | IBM | WebSphere Application Server | 8.5.5.8 | All | All | All
Application | IBM | WebSphere Application Server | 8.5.5.9 | All | All | All
  • cpe:2.3:a:ibm:websphere_application_server:8.5.5.8:*:*:*:liberty:*:*:*:
  • cpe:2.3:a:ibm:websphere_application_server:8.5.5.9:*:*:*:liberty:*:*:*: