The vulnerability of WebSphere Application Server for application servers allows attackers to increase their privileges.

The vulnerability of the Discovery programming interface implementation in WebSphere Application Server is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to enhance their privileges by using an external reference in the Swagger document...

CVE-2016-2945

The API Discovery implementation in IBM WebSphere Application Server WAS 8.5.5.8 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 allows remote authenticated users to gain privileges via an external reference in a Swagger document...