nessus | This script is Copyright (C) 2017-2018 Tenable Network Security, Inc. | IBM_TMS_CONFIG_SOAP_IS_SECURE.NASL
History: Jun 30, 2017 - 12:00 a.m.

IBM Tivoli Monitoring SOAP Interface Insecure Configuration Remote SOAP Query Information Disclosure

2017-06-30 00:00:00
This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
www.tenable.com
23

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

47.8%

IBM Tivoli Monitoring, a network asset monitoring platform, is installed on the remote Windows host and is using an insecure configuration. It is, therefore, affected by an information disclosure vulnerability in the SOAP interface due to an insecure default configuration. An unauthenticated, remote attacker can exploit this to disclose SOAP queries that may contain sensitive information.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Registration block: when `description` is set, the plugin only declares its
# metadata (IDs, references, text, scoring, prerequisites) and exits at the
# end of the block without running the check below.
if (description)
{
  script_id(101168);
  script_version("1.3");
  script_cvs_date("Date: 2018/07/12 19:01:17");

  # External references for the finding.
  script_cve_id("CVE-2016-6083");
  script_bugtraq_id(99259);
  script_xref(name:"IAVA", value:"2017-A-0187");

  script_name(english:"IBM Tivoli Monitoring SOAP Interface Insecure Configuration Remote SOAP Query Information Disclosure");
  # NOTE(review): the summary names ms.ini, but the check in this file reads
  # "\cms\KBBENV" under the install directory - confirm which file is meant.
  script_summary(english:"Checks for configuration option in ms.ini.");

  script_set_attribute(attribute:"synopsis", value:
"An application installed on the Windows host is affected by an
information disclosure vulnerability.");
  script_set_attribute(attribute:"description", value:
"IBM Tivoli Monitoring, a network asset monitoring platform, is
installed on the remote Windows host and is using an insecure
configuration. It is, therefore, affected by an information disclosure
vulnerability in the SOAP interface due to an insecure default
configuration. An unauthenticated, remote attacker can exploit this to
disclose SOAP queries that may contain sensitive information.");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg22000909");
  script_set_attribute(attribute:"solution", value:
"Apply the interim fix or workaround per the vendor advisory.");
  # Base vectors describe an unauthenticated network attack with a
  # confidentiality-only impact; temporal vectors record that no exploit is
  # known and an official fix exists.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/06/22");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/06/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/06/30");

  # Declared as a *potential* vulnerability: the check below infers exposure
  # from a configuration file only and is gated on paranoid reporting.
  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  # "local" check: the result comes from registry and file reads on the
  # target, not from probing the SOAP interface itself.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:tivoli_monitoring");
  script_set_attribute(attribute:"stig_severity", value:"II");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.");

  # Prerequisites: SMB ports, an enumerated registry, and the paranoid-report
  # setting. NOTE(review): presumably "SMB/Registry/Enumerated" is populated
  # by the smb_hotfixes.nasl dependency - confirm.
  script_dependencies("smb_hotfixes.nasl");
  script_require_ports(139, 445);
  script_require_keys("SMB/Registry/Enumerated", "Settings/ParanoidReport");

  exit(0);
}

include("audit.inc");
include("misc_func.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("smb_reg_query.inc");

# Stop early unless the registry of the target was enumerated earlier in the
# scan; everything below depends on registry access.
get_kb_item_or_exit("SMB/Registry/Enumerated");

# Exit unless we're paranoid because we don't have a good way to validate
# that the Security: Validate User option is configured.
# In other words, a missing SOAP_IS_SECURE=YES entry is treated as an
# indicator only, so the finding is reported solely when report_paranoia >= 2.
if (report_paranoia < 2) audit(AUDIT_PARANOID);

# The SMB transport port must be open for the registry and file reads.
port = kb_smb_transport();
if (!get_port_state(port)) audit(AUDIT_PORT_CLOSED, port);

app = 'IBM Tivoli Monitoring';
# Default to "not secure"; only an explicit opt-in found in the configuration
# file flips this flag later in the script.
configured_to_be_secure = FALSE;

# Installation detection: the install directory is read from
# HKLM\SOFTWARE\Candle\OMEGAMON\Directory.
registry_init();
hklm = registry_hive_connect(hive:HKEY_LOCAL_MACHINE, exit_on_fail:TRUE);
key  = "SOFTWARE\Candle\OMEGAMON\Directory";
path = get_registry_value(handle:hklm, item:key);
RegCloseKey(handle:hklm);

# A null registry value is treated as "product not installed".
if (isnull(path))
{
  close_registry();
  audit(AUDIT_NOT_INST, app);
}
# NOTE(review): close:FALSE presumably keeps the SMB session available for
# the file read that follows - confirm against smb_reg_query.inc.
close_registry(close:FALSE);

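# Build the path of the environment file under the install directory and
# fetch its contents from the target.
# (The unused `share` local computed from `path` was dropped; nothing in the
# script read it.)
config_file = hotfix_append_path(path:path, value:"\cms\KBBENV");

file = hotfix_get_file_contents(config_file);

# Any retrieval error ends the script here (exit_on_fail), so a host whose
# configuration file could not be read is audited out rather than reported
# as vulnerable.
hotfix_handle_error(
  error_code   : file["error"],
  file         : config_file,
  appname      : app,
  exit_on_fail : TRUE
);

# An empty file cannot be assessed either way; audit out instead of treating
# the absence of the setting as a finding.
contents = file["data"];
if (!contents) audit(AUDIT_FN_FAIL, 'hotfix_get_file_contents', 'no file contents');

# NOTE(review): no hotfix_check_fversion_end() follows the read - confirm
# whether the share connection needs explicit teardown before the script ends.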

# Search for an active (uncommented) 'SOAP_IS_SECURE=YES' assignment.
# Only lines mentioning the option are examined. A commented-out entry keeps
# its comment marker in the name part and therefore fails the exact name
# comparison (assuming strip() trims whitespace only).
# NOTE(review): a single YES entry marks the host as secure even if another
# SOAP_IS_SECURE line with a different value also exists - confirm how the
# product resolves duplicate keys.
matches = pgrep(string:contents, pattern:"SOAP_IS_SECURE");

foreach entry (split(matches))
{
  kv = split(entry, sep:'=', keep:FALSE);

  opt_name  = strip(kv[0]);
  opt_value = strip(kv[1]);

  # Skip anything that is not exactly this option set to yes.
  if (opt_name != 'SOAP_IS_SECURE') continue;
  if (opt_value !~ "^[Yy][Ee][Ss]$") continue;

  configured_to_be_secure = TRUE;
}

# An explicit opt-in was found: audit the install as not affected. The plugin
# never determines a product version, hence the literal "unknown".
# audit() ends the script, so the reporting code below runs only for hosts
# without the setting.
if (configured_to_be_secure)
  audit(AUDIT_INST_PATH_NOT_VULN, app, "unknown", path);

port = kb_smb_transport();
if (!port) port = 445;

# The report names the file that was inspected so the finding can be verified
# by hand; the result is inferred from configuration only.
report =
  '\n' +
  '\n  Configuration file, "' +
  config_file +
  '" does not contain uncommented "SOAP_IS_SECURE=YES"' +
  '\n';

security_report_v4(
  port:port,
  severity:SECURITY_WARNING,
  extra:report
);
exit(0);
Vendor | Product | Version | CPE
ibm | tivoli_monitoring | | cpe:/a:ibm:tivoli_monitoring

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

47.8%
