There is an information disclosure vulnerability in IBM WebSphere Application Server Liberty for any users of the JAX-RS API. There is a potential for weaker than expected security when using the WebSphere Application Server Liberty profile API Discovery feature and Swagger documents. There is a potential HTTP response splitting vulnerability in IBM WebSphere Application Server.

A user action is needed to update your instances.

For more information, see the security bulletin.