Vigil@nce - WebSphere Application Server: privilege escalation via API Discovery
August 2016 by Vigil@nce
This bulletin was written by Vigil@nce: https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can craft a Swagger document with external references
via the Discovery API of WebSphere Application Server, in order to
escalate his privileges.
Impacted products: WebSphere AS.
Severity: 2/4.
Creation date: 30/06/2016.
DESCRIPTION OF THE VULNERABILITY
The WebSphere Application Server product offers an API for
development.
However, the API Discovery feature provides a weaker security level
than expected when external references are used in a Swagger
document.
An attacker can therefore craft a Swagger document with external
references via the Discovery API of WebSphere Application Server,
in order to escalate his privileges.
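As an added defensive check, not part of the Vigil@nce bulletin and not WebSphere's own code: a small Python validator that walks a parsed Swagger document and flags every `$ref` that is not a local JSON pointer, so a document carrying external references (remote URLs or other files) can be rejected or sent for review before it is handed to an API Discovery feature. The sample document below is constructed for the example.

```python
import json
from urllib.parse import urlparse

# Constructed sample Swagger 2.0 document (not from the bulletin): one local
# $ref, one remote URL $ref and one relative-file $ref.
SAMPLE_SWAGGER = json.dumps({
    "swagger": "2.0",
    "info": {"title": "demo", "version": "1"},
    "paths": {
        "/users": {
            "get": {
                "responses": {
                    "200": {"schema": {"$ref": "#/definitions/User"}},
                    "default": {"schema": {"$ref": "https://example.org/errors.json#/Error"}},
                }
            }
        }
    },
    "definitions": {"User": {"$ref": "common/user.json#/User"}},
})


def classify_ref(ref):
    """'local' for a bare JSON pointer into this document, 'remote' for an
    http(s) URL, 'file' for anything else (relative path, file: URL, ...)."""
    if ref.startswith("#"):
        return "local"
    if urlparse(ref).scheme in ("http", "https"):
        return "remote"
    return "file"


def find_external_refs(node, path="$"):
    """Recursively collect (location, $ref, kind) for every non-local $ref."""
    found = []
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}"
            if key == "$ref" and isinstance(value, str):
                kind = classify_ref(value)
                if kind != "local":
                    found.append((here, value, kind))
            else:
                found.extend(find_external_refs(value, here))
    elif isinstance(node, list):
        for i, item in enumerate(node):
            found.extend(find_external_refs(item, f"{path}[{i}]"))
    return found


def check_swagger(text):
    """Parse a Swagger document; accept it only if it has no external $refs."""
    refs = find_external_refs(json.loads(text))
    return {"accepted": not refs, "external_refs": refs}


if __name__ == "__main__":
    for loc, ref, kind in check_swagger(SAMPLE_SWAGGER)["external_refs"]:
        print(f"{kind} reference at {loc}: {ref}")
```

The check is deliberately strict: any reference that resolves outside the document is reported, leaving it to policy whether file-relative references from a trusted bundle are allowed.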
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN