Horizon Alert
Summary of the vulnerability and why it matters
This advisory concerns a critical vulnerability in IBM WebSphere Application Server, specifically within the Liberty profile when the apiDiscovery-1.0 feature is active. The flaw allows for server-side request forgery, meaning an attacker could trick the server into making requests on their behalf. This could potentially lead to unauthorized access to internal resources or sensitive data, depending on how the application server is configured and what it is connected to.
- Server sends requests on behalf of attackers.
- Critical vulnerability in widely used IBM software.
- Focus on confirming impact and exposure.
Attack Path
How an attacker could exploit the issue
An attacker can initiate a server-side request forgery by sending specially crafted requests to an exposed IBM WebSphere Application Server Liberty instance. This is possible when the `apiDiscovery-1.0` feature is enabled, allowing the attacker to trick the server into making requests to arbitrary resources. Successful exploitation could lead to significant compromise of the server's data and functionality.
- Requires no special access or authentication.
- Triggered via network requests to `apiDiscovery-1.0`.
- High risk to confidentiality, integrity, and availability.
Live Threat
Current exploitation, exposure, and threat context
When the `apiDiscovery-1.0` feature is enabled, this vulnerability could allow an unauthenticated attacker to make the server issue network requests to arbitrary hosts, potentially exposing internal network resources or sensitive information.
- Internal network access could be exposed.
- Attackers could send forged requests to internal services.
- Sensitive information disclosure may occur.
Operational Fix
Recommended remediation, mitigation, and detection steps
The IBM WebSphere Application Server - Liberty environment, particularly when the `apiDiscovery-1.0` feature is enabled, requires attention from platform and application owners. The initial practical move is to inventory all instances of this technology, determine their exposure and criticality, and identify the accountable owner before planning remediation efforts.
- Platform and application owners should manage this.
- Verify `apiDiscovery-1.0` feature status and exposure.
- Plan remediation based on asset criticality.