IBM Check out the new support experience beta
There is a potential for weaker than expected security when using the WebSphere Application Server Liberty profile API Discovery feature and Swagger documents.
CVE(s): CVE-2016-2945
Affected product(s) and affected version(s):
This vulnerability affects the following versions and releases of IBM WebSphere Application Server Liberty for any user of the API Discovery feature with Swagger documents that have external references.
- Version 8.5.5 Liberty Profile
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/293cznT
X-Force Database: http://ift.tt/292thaQ
from IBM Product Security Incident Response Team http://ift.tt/293ZwET