CVE-2016-2945 — IBM Websphere Application Server vulnerability

CWE-2645 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.6%

top 29.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Websphere Application Server

Timeline

PublishedJul 8

Latest updateMay 17

Description

The API Discovery implementation in IBM WebSphere Application Server (WAS) 8.5.5.8 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 allows remote authenticated users to gain privileges via an external reference in a Swagger document.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages1 packages

▶NVDibm/websphere_application_server8.5.5.8, 8.5.5.9+1

🔴Vulnerability Details

GHSA

GHSA-rx4f-g37q-fj8w: The API Discovery implementation in IBM WebSphere Application Server (WAS) 8↗2022-05-17

▶

CVEList

CVE-2016-2945: The API Discovery implementation in IBM WebSphere Application Server (WAS) 8↗2016-07-08

▶

💬Community

Bugzilla

CVE-2016-7431 ntp: Zero Origin timestamp regression↗2016-11-22

▶

Bugzilla

CVE-2016-8609 keycloak: account hijacking via auth code fixation↗2016-10-19

▶