ID CVE-2015-7491 Type cve Reporter cve@mitre.org Modified 2016-03-02T14:30:00
Description
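Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. In the scanner records below, the OpenVAS check scores this CVE at CVSS v2 3.5 (AV:N/AC:M/Au:S/C:N/I:P/A:N); the higher Nessus scores (CVSS v2 5.8, CVSS v3 7.4) belong to the bundled multi-CVE advisory, whose plugin names CVE-2015-7428 as its score source.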
Vendor advisory: http://www-01.ibm.com/support/docview.wss?uid=swg21976358
{"openvas": [{"lastseen": "2019-05-29T18:35:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7491"], "description": "IBM WebSphere Portal is prone to a cross-site scripting vulnerability.", "modified": "2018-11-15T00:00:00", "published": "2016-08-25T00:00:00", "id": "OPENVAS:1361412562310106205", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310106205", "type": "openvas", "title": "IBM WebSphere Portal XSS Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ibm_websphere_portal_CVE-2015-7491.nasl 12363 2018-11-15 09:51:15Z asteins $\n#\n# IBM WebSphere Portal XSS Vulnerability\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = 'cpe:/a:ibm:websphere_portal';\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.106205\");\n script_version(\"$Revision: 12363 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-15 10:51:15 +0100 (Thu, 15 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-25 14:33:21 +0700 (Thu, 25 Aug 2016)\");\n script_tag(name:\"cvss_base\", value:\"3.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:N/I:P/A:N\");\n\n script_cve_id(\"CVE-2015-7491\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"IBM WebSphere Portal XSS Vulnerability\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_ibm_websphere_portal_detect.nasl\");\n script_mandatory_keys(\"ibm_websphere_portal/installed\");\n\n script_tag(name:\"summary\", value:\"IBM WebSphere Portal is prone to a cross-site scripting vulnerability.\");\n\n script_tag(name:\"insight\", value:\"IBM WebSphere Portal is vulnerable to cross-site scripting, caused by\nimproper validation of user-supplied input. 
A remote attacker could exploit this vulnerability using a\nspecially-crafted URL to execute script in a victim's Web browser within the security context of the hosting\nWeb site, once the URL is clicked.\");\n\n script_tag(name:\"impact\", value:\"An attacker could use this vulnerability to steal the victim's\ncookie-based authentication credentials.\");\n\n script_tag(name:\"affected\", value:\"WebSphere Portal 8.5 and 8.0\");\n\n script_tag(name:\"solution\", value:\"Check the vendor's advisory for sulutions.\");\n\n script_xref(name:\"URL\", value:\"https://www-01.ibm.com/support/docview.wss?uid=swg21976358\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!version = get_app_version(cpe: CPE, port: port))\n exit(0);\n\nif (version =~ \"^8\\.5\\.0\") {\n if (version_is_less(version: version, test_version: \"8.5.0.0.9\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"8.5.0.0 CF09\");\n security_message(port: port, data: report);\n exit(0);\n }\n}\n\nif (version =~ \"^8\\.0\\.0\") {\n if (version_is_less(version: version, test_version: \"8.0.0.1.20\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"8.0.0.1 CF20\");\n security_message(port: port, data: report);\n exit(0);\n }\n}\n\nexit(0);\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}], "nessus": [{"lastseen": "2021-04-01T07:45:47", "description": "The IBM WebSphere Portal installed on the remote host is version\n6.1.0.x prior to 6.1.0.6 CF27 with patches, 6.1.5.x prior to 6.1.5.3\nCF27 with patches, 7.0.0.x prior to 7.0.0.2 CF29 with patches, 8.0.0.x\nprior to 8.0.0.1 CF20, or 8.5.0.0 prior to 8.5.0.0 CF09 with patches.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An open redirect vulnerability exists due to improper\n 
validation of input before returning it to the user. An\n attacker can exploit this, via a specially crafted link,\n to redirect a victim to an arbitrary website.\n (CVE-2015-7428)\n\n - A security bypass vulnerability exists due to insecure\n permissions. A remote attacker can exploit this to make\n changes to content items. (CVE-2015-7455)\n\n - Multiple unspecified cross-site scripting\n vulnerabilities exist due to improper validation of\n user-supplied input. A remote attacker can exploit this,\n via a specially crafted request, to execute arbitrary\n script code in a user's browser session. (CVE-2015-7457,\n CVE-2015-7491, CVE-2016-0243, CVE-2016-0244)\n\n - An XML External Entity (XXE) injection vulnerability\n exists due to an incorrectly configured XML parser\n accepting XML external entities from an untrusted\n source. A remote attacker can exploit this, via\n specially crafted XML data, to cause a denial of service\n condition or to disclose sensitive information.\n (CVE-2016-0245)", "edition": 29, "cvss3": {"score": 7.4, "vector": "AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N"}, "published": "2016-03-04T00:00:00", "title": "IBM WebSphere Portal Multiple Vulnerabilities (swg21976358)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0245", "CVE-2015-7457", "CVE-2015-7455", "CVE-2016-0244", "CVE-2015-7428", "CVE-2015-7491", "CVE-2016-0243"], "modified": "2021-04-02T00:00:00", "cpe": ["cpe:/a:ibm:websphere_portal"], "id": "WEBSPHERE_PORTAL_SWG21976358.NASL", "href": "https://www.tenable.com/plugins/nessus/89689", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(89689);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/20\");\n\n script_cve_id(\n \"CVE-2015-7428\",\n \"CVE-2015-7455\",\n \"CVE-2015-7457\",\n \"CVE-2015-7491\",\n \"CVE-2016-0243\",\n \"CVE-2016-0244\",\n \"CVE-2016-0245\"\n );\n\n script_name(english:\"IBM WebSphere Portal Multiple Vulnerabilities 
(swg21976358)\");\n script_summary(english:\"Checks for the install patches.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The web portal software installed on the remote Windows host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The IBM WebSphere Portal installed on the remote host is version\n6.1.0.x prior to 6.1.0.6 CF27 with patches, 6.1.5.x prior to 6.1.5.3\nCF27 with patches, 7.0.0.x prior to 7.0.0.2 CF29 with patches, 8.0.0.x\nprior to 8.0.0.1 CF20, or 8.5.0.0 prior to 8.5.0.0 CF09 with patches.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An open redirect vulnerability exists due to improper\n validation of input before returning it to the user. An\n attacker can exploit this, via a specially crafted link,\n to redirect a victim to an arbitrary website.\n (CVE-2015-7428)\n\n - A security bypass vulnerability exists due to insecure\n permissions. A remote attacker can exploit this to make\n changes to content items. (CVE-2015-7455)\n\n - Multiple unspecified cross-site scripting\n vulnerabilities exist due to improper validation of\n user-supplied input. A remote attacker can exploit this,\n via a specially crafted request, to execute arbitrary\n script code in a user's browser session. (CVE-2015-7457,\n CVE-2015-7491, CVE-2016-0243, CVE-2016-0244)\n\n - An XML External Entity (XXE) injection vulnerability\n exists due to an incorrectly configured XML parser\n accepting XML external entities from an untrusted\n source. 
A remote attacker can exploit this, via\n specially crafted XML data, to cause a denial of service\n condition or to disclose sensitive information.\n (CVE-2016-0245)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www-01.ibm.com/support/docview.wss?uid=swg21976358\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate fixes per the vendor advisory.\n\n - For 6.1.0.x, upgrade to version 6.1.0.6 CF27 and apply\n interim fixes PI54088 and PI55327.\n\n - For 6.1.5.x, upgrade to version 6.1.5.3 CF27 and apply\n interim fixes PI54088 and PI55327.\n\n - For 7.0.0.x, upgrade to version 7.0.0.2 CF29 and apply\n interim fixes PI51234, PI55327, and PI54088.\n\n - For 8.0.0.x, upgrade to version 8.0.0.1 CF20.\n\n - For 8.5.0.x, upgrade to version 8.5.0 CF09 and apply\n interim fix PI56682.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-7428\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:websphere_portal\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"websphere_portal_installed.nbin\");\n script_require_keys(\"installed_sw/IBM WebSphere Portal\");\n\n exit(0);\n}\n\ninclude(\"websphere_portal_version.inc\");\n\nwebsphere_portal_check_version(\n checks:make_array(\n \"8.5.0.0, 8.5.0.0, CF00-CF09\", make_list('PI56682'),\n \"8.0.0.0, 8.0.0.1\", make_list(\"CF20\"),\n \"7.0.0.0, 7.0.0.2, CF00-CF29\", make_list('PI51234', 'PI54088', 'PI55327'),\n \"6.1.5.0, 6.1.5.3, CF00-CF27\", make_list('PI54088', 'PI55327'),\n \"6.1.0.0, 6.1.0.6, CF00-CF27\", make_list('PI54088', 'PI55327')\n ),\n severity:SECURITY_WARNING,\n xss: TRUE\n);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}]}