CVE-2016-2945

The API Discovery implementation in IBM WebSphere Application Server (WAS) 8.5.5.8 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 allows remote authenticated users to gain privileges via an external reference in a Swagger document.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
HIGH
LOW
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
ibmCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 69%
VendorProductVersion
ibmwebsphere_application_server
8.5.5.8
ibmwebsphere_application_server
8.5.5.9
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www-01.ibm.com/support/docview.wss?uid=swg1PI62450
http://www-01.ibm.com/support/docview.wss?uid=swg21984502
http://www.securityfocus.com/bid/91517
http://www-01.ibm.com/support/docview.wss?uid=swg1PI62450
http://www-01.ibm.com/support/docview.wss?uid=swg21984502
http://www.securityfocus.com/bid/91517