vulnerability

IBM WebSphere Application Server: CVE-2018-25031: IBM WebSphere Application Server Liberty is vulnerable to spoofing attacks and clickjacking due to swagger-ui (CVE-2018-25031, CVE-2021-46708)

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:N/A:N)

Published

Mar 11, 2022

Added

Aug 26, 2022

Modified

Jun 23, 2026

Description

Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions. Note: This was originally claimed to be resolved in 4.1.3. However, third parties have indicated this is not resolved in 4.1.3 and even occurs in that version and possibly others

Solution

ibm-was-upgrade-latest

References

CVE-2018-25031
https://attackerkb.com/topics/CVE-2018-25031
IBM-ibm106569505
https://www.ibm.com/support/pages/node/6569505
https://www.cve.org/CVERecord?id=CVE-2018-25031
https://euvd.enisa.europa.eu/vulnerability/EUVD-2022-1408
CWE-20
CWE-918
CWE-922
EUVD-EUVD-2022-1408

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report