Vulnerability CVE-2016-2945

Vulnerability Name:

CVE-2016-2945 (CCN-113591)

Assigned:

2016-06-27

Published:

2016-06-27

Updated:

2016-11-28

Summary:

The API Discovery implementation in IBM WebSphere Application Server (WAS) 8.5.5.8 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 allows remote authenticated users to gain privileges via an external reference in a Swagger document.

CVSS v3 Severity:

7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

5.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L)
4.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

6.0 Medium (CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

4.6 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:S/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-264

Vulnerability Consequences:

Gain Privileges

References:

Source: MITRE
Type: CNA
CVE-2016-2945

Source: AIXAPAR
Type: UNKNOWN
PI62450

Source: CONFIRM
Type: Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21984502

Source: CCN
Type: IBM Security Bulletin 1984977 (WebSphere Application Server for Bluemix)
Multiple security vulnerabilities affect IBM WebSphere Application Server for Bluemix

Source: CCN
Type: IBM Security Bulletin 1986006 (Liberty for Java for Bluemix)
Several vulnerabilities affect Liberty for Java for IBM Bluemix (CVE-2016-2923, CVE-2016-2945, CVE-2016-0359)

Source: CCN
Type: IBM Security Bulletin 1984502 (WebSphere Application Server)
WebSphere Application Server Liberty API Discovery feature has potential vulnerability (CVE-2016-2945)

Source: BID
Type: UNKNOWN
91517

Source: CCN
Type: BID-91517
WebSphere Application Server Liberty Profile Remote Privilege Escalation Vulnerability

Source: XF
Type: UNKNOWN
ibm-websphere-cve20162945-priv-escalation(113591)

Vulnerable Configuration:

Configuration 1:

cpe:/a:ibm:websphere_application_server:8.5.5.8:*:*:*:liberty:*:*:*

OR cpe:/a:ibm:websphere_application_server:8.5.5.9:*:*:*:liberty:*:*:*

Denotes that component is vulnerable

BACK