
Seven IBM WebSphere Liberty flaws can be chained into full takeover
Security researchers are warning of a set of flaws affecting IBM WebSphere Liberty, a lightweight, modular Java application server, that can be chained into a full server compromise. The chain, seven flaws in total, begins with a newly discovered pre-authentication issue in the platform’s SAML Web SSO component that enables low-privilege access. From there, the chain manipulates authentication, access control, and cryptographic protection to achieve full control. “The 7 flaws we reported to IBM create multiple pathways for attackers to move from network-level exposure or limited access to full server compromise,” Oligo Security researchers ...