ID CVE-2014-3055 Type cve Reporter cve@mitre.org Modified 2017-08-29T01:34:00
Description
SQL injection vulnerability in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
{"nessus": [{"lastseen": "2019-11-03T12:38:43", "bulletinFamily": "scanner", "description": "The version of IBM WebSphere Portal on the remote host is affected by\nmultiple vulnerabilities in the Unified Task List (UTL) portlet :\n\n - An unspecified open redirect vulnerability exists that\n allows a remote attacker to perform a phishing attack\n by enticing a user to click a malicious URL.\n (CVE-2014-3054)\n\n - A SQL injection vulnerability exists that allows a\n remote attacker who is a trusted user to manipulate or\n inject SQL queries into the back-end database.\n (CVE-2014-3055)\n\n - An information disclosure vulnerability exists that\n allows remote attackers to view environment variables\n and certain JAR files along with the versions.\n (CVE-2014-3056)\n\n - A cross-site scripting vulnerability exists that allows\n a remote attacker to execute arbitrary code in a user", "modified": "2019-11-02T00:00:00", "id": "WEBSPHERE_PORTAL_SWG21677032.NASL", "href": "https://www.tenable.com/plugins/nessus/77541", "published": "2014-09-05T00:00:00", "title": "IBM WebSphere Portal 8.0.0.x Unified Task List Portlet Multiple Vulnerabilities (PI18909)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(77541);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/08/06 14:03:14\");\n\n script_cve_id(\n \"CVE-2014-3054\",\n \"CVE-2014-3055\",\n \"CVE-2014-3056\",\n \"CVE-2014-3057\"\n );\n script_bugtraq_id(68924, 68925, 68928, 68929);\n\n script_name(english:\"IBM WebSphere Portal 8.0.0.x Unified Task List Portlet Multiple Vulnerabilities (PI18909)\");\n script_summary(english:\"Checks for an installed patch.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has web portal software installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of IBM WebSphere Portal on the remote host is affected by\nmultiple vulnerabilities in the Unified Task List (UTL) portlet :\n\n - An unspecified open redirect vulnerability exists that\n allows a remote attacker to perform a phishing attack\n by enticing a user to click a malicious URL.\n (CVE-2014-3054)\n\n - A SQL injection vulnerability exists that allows a\n remote attacker who is a trusted user to manipulate or\n inject SQL queries into the back-end database.\n (CVE-2014-3055)\n\n - An information disclosure vulnerability exists that\n allows remote attackers to view environment variables\n and certain JAR files along with the versions.\n (CVE-2014-3056)\n\n - A cross-site scripting vulnerability exists that allows\n a remote attacker to execute arbitrary code in a user's\n browser. (CVE-2014-3057)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21677032\");\n # https://www.ibm.com/blogs/psirt/ibm-security-bulletin-fixes-available-for-security-vulnerabilities-in-ibm-websphere-portal-related-to-unified-task-list-utl-portlet-cve-2014-3054-cve-2014-3055-cve-2014-3056-cve-2014-3057/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?77124e50\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to 8.0.0.1 CF12 (PI14791) and then apply Interim Fix PI18909\nor 8.0.0.1 CF13 (PI17735) or apply the workaround. Refer to IBM's\nadvisory for more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:websphere_portal\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"websphere_portal_installed.nbin\");\n script_require_keys(\"installed_sw/IBM WebSphere Portal\");\n script_require_ports(139, 445);\n exit(0);\n}\n\ninclude(\"websphere_portal_version.inc\");\n\nportlets = make_array();\n\npaa = \"Unified Task List (UTL)\";\nportlets[paa][\"Cell File\"] = \"\\PA_WPF.ear\\unifiedtasklist.war\\utl-version.properties\";\nportlets[paa][\"WP Ranges\"] = make_list(\"8.0.0.0, 8.0.0.1\");\n\nwebsphere_portal_check_version(\n ranges:make_list(\"8.0.0.0, 8.0.0.1, CF12\"),\n fix:\"PI14791\",\n portlets:portlets,\n req_vuln_portlets:make_list(paa),\n severity:SECURITY_HOLE,\n sqli:TRUE,\n xss: TRUE\n);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-03T12:38:43", "bulletinFamily": "scanner", "description": "The version of IBM WebSphere Portal on the remote host is affected by\nmultiple vulnerabilities in the Unified Task List (UTL) portlet :\n\n - An unspecified open redirect vulnerability exists that\n allows a remote attacker to perform a phishing attack\n by enticing a user to click a malicious URL.\n (CVE-2014-3054)\n\n - A SQL injection vulnerability exists that allows a\n remote attacker who is a trusted user to manipulate or\n inject SQL queries into the back-end database.\n (CVE-2014-3055)\n\n - An information disclosure vulnerability exists that\n allows remote attackers to view environment variables\n and certain JAR files along with the versions.\n (CVE-2014-3056)\n\n - A cross-site scripting vulnerability exists that allows\n a remote attacker to execute arbitrary code in a user", "modified": "2019-11-02T00:00:00", "id": "WEBSPHERE_PORTAL_UTL_PORTLET_SWG21677032.NASL", "href": "https://www.tenable.com/plugins/nessus/77542", "published": "2014-09-05T00:00:00", "title": "IBM WebSphere Portal 7.0.0.x Unified Task List Portlet < 6.0.1 Multiple Vulnerabilities (PI18909)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(77542);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/08/06 14:03:16\");\n\n script_cve_id(\n \"CVE-2014-3054\",\n \"CVE-2014-3055\",\n \"CVE-2014-3056\",\n \"CVE-2014-3057\"\n );\n script_bugtraq_id(68924, 68925, 68928, 68929);\n\n script_name(english:\"IBM WebSphere Portal 7.0.0.x Unified Task List Portlet < 6.0.1 Multiple Vulnerabilities (PI18909)\");\n script_summary(english:\"Checks for installed portlet.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has web portal software installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of IBM WebSphere Portal on the remote host is affected by\nmultiple vulnerabilities in the Unified Task List (UTL) portlet :\n\n - An unspecified open redirect vulnerability exists that\n allows a remote attacker to perform a phishing attack\n by enticing a user to click a malicious URL.\n (CVE-2014-3054)\n\n - A SQL injection vulnerability exists that allows a\n remote attacker who is a trusted user to manipulate or\n inject SQL queries into the back-end database.\n (CVE-2014-3055)\n\n - An information disclosure vulnerability exists that\n allows remote attackers to view environment variables\n and certain JAR files along with the versions.\n (CVE-2014-3056)\n\n - A cross-site scripting vulnerability exists that allows\n a remote attacker to execute arbitrary code in a user's\n browser. (CVE-2014-3057)\");\n\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21677032\");\n # https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_fixes_available_for_security_vulnerabilities_in_ibm_websphere_portal_related_to_unified_task_list_utl_portlet_cve_2014_3054_cve_2014_3055_cve_2014_3056_cve_2014_3057?lang=en_us\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cc07a8d4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Unified Task List portlet 6.0.1 or later. Refer to IBM's\nadvisory for more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:websphere_portal\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"websphere_portal_installed.nbin\");\n script_require_keys(\"installed_sw/IBM WebSphere Portal\");\n script_require_ports(139, 445);\n exit(0);\n}\n\ninclude(\"websphere_portal_version.inc\");\n\npaa_ver = UNKNOWN_VER;\npaa_fix = \"6.0.1\";\n\npaa = \"Unified Task List\";\nportlets[paa][\"Fixed Version\"] = \"6.0.1\";\nportlets[paa][\"File\"] = \"\\..\\paa\\unifiedtasklist\\components\\unifiedtasklist\\version\\checklists.common.component\";\nportlets[paa][\"Version Regex\"] = 'spec-version=\"([0-9\\\\.]+)\"\\\\s*/>';\nportlets[paa][\"WP Ranges\"] = make_list(\"7.0.0.0, 7.0.0.2\");\n\n\nwebsphere_portal_check_version(\n portlets:portlets,\n severity:SECURITY_HOLE,\n xss :TRUE,\n sqli :TRUE\n);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}