CVE-2016-2945

Name of the Vulnerable Software and Affected Versions WebSphere Application Server versions 8.5.5.8 through 8.5.5.9

Description The issue is related to the implementation of the API Discovery server in WebSphere Application Server, which is associated with insufficient access control. This can be exploited by a remote attacker to gain elevated privileges using an external reference in a Swagger document.

Recommendations For versions 8.5.5.8 through 8.5.5.9, update to Liberty Fix Pack 16.0.0.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the Swagger document to minimize the risk of exploitation.