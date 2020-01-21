Vigil@nce - Swagger UI: information disclosure via RPO Input Field Value Exfiltration

March 2020 by Vigil@nce

This bulletin was written by Vigil@nce : https://vigilance.fr/offer/Computer...

SYNTHESIS OF THE VULNERABILITY

Impacted products: WebSphere AS Liberty.

Severity: 2/4.

Consequences: data reading.

Provenance: internet server.

Confidence: confirmed by the editor (5/5).

Creation date: 21/01/2020.

DESCRIPTION OF THE VULNERABILITY

An attacker can bypass access restrictions to data via RPO Input Field Value Exfiltration of Swagger UI, in order to obtain sensitive information.

ACCESS TO THE FULL VIGIL@NCE BULLETIN

https://vigilance.fr/vulnerability/...