IBM Check out the new support experience beta

There is a potential for weaker than expected security when using the WebSphere Application Server Liberty profile API Discovery feature and Swagger documents.

CVE(s): CVE-2016-2945

Affected product(s) and affected version(s):

This vulnerability affects the following versions and releases of IBM WebSphere Application Server Liberty for any user of the API Discovery feature with Swagger documents that have external references.

  • Version 8.5.5 Liberty Profile

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/293cznT
X-Force Database: http://ift.tt/292thaQ



from IBM Product Security Incident Response Team http://ift.tt/297utbz