Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.TIVOLI_STORAGE_MANAGER_VIRTUAL_ENVIRONMENTS_VMWARE_CVE-2015-1988.NASL
HistoryOct 09, 2015 - 12:00 a.m.

IBM TSM for Virtual Environments 6.3.x < 6.3.2.5 / 6.4.x < 6.4.3.1 / 7.1.x < 7.1.3.0 XSS

2015-10-0900:00:00
This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
7

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

27.6%

JSON

The version of IBM Tivoli Storage Manager (TSM) for Virtual Environments installed on the remote host is 6.3.x prior to 6.3.2.5, 6.4.x prior to 6.4.3.1, or 7.1.x prior to 7.1.3.0. It is, therefore, affected by a cross-site scripting (XSS) vulnerability due to improper validation of input before returning it to users. An unauthenticated, remote attacker can exploit this, via a specially crafted link, to execute script code in the user’s browser session.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(86324);
  script_version("1.12");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/10/25");

  script_cve_id("CVE-2015-1988");
  script_bugtraq_id(76947);

  script_name(english:"IBM TSM for Virtual Environments 6.3.x < 6.3.2.5 / 6.4.x < 6.4.3.1 / 7.1.x < 7.1.3.0 XSS");
  script_summary(english:"Checks the version of TSM for Virtual Environments.");

  script_set_attribute(attribute:"synopsis", value:
"A backup application installed on the remote host is affected by a
cross-site scripting vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of IBM Tivoli Storage Manager (TSM) for Virtual
Environments installed on the remote host is 6.3.x prior to 6.3.2.5,
6.4.x prior to 6.4.3.1, or 7.1.x prior to 7.1.3.0. It is, therefore,
affected by a cross-site scripting (XSS) vulnerability due to improper
validation of input before returning it to users. An unauthenticated,
remote attacker can exploit this, via a specially crafted link, to
execute script code in the user's browser session.");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21967532");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Tivoli Storage Manager for Virtual Environments version
6.3.2.5 / 6.4.3.1 / 7.1.3.0 or later.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-1988");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-1988");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/09/30");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/09/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/10/09");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:tivoli_storage_manager_for_virtual_environments");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:spectrum_protect_for_virtual_environments");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:tivoli_storage_manager_for_virtual_environments_data_protection_for_vmware");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tivoli_storage_manager_virtual_environments_installed.nbin", "tivoli_storage_manager_virtual_environments_installed_linux.nbin");
  script_require_keys("installed_sw/Tivoli Storage Manager for Virtual Environments");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("install_func.inc");
include("smb_func.inc");

app = 'Tivoli Storage Manager for Virtual Environments';

get_install_count(app_name:app, exit_if_zero:TRUE);

install = get_single_install(app_name:app, exit_if_unknown_ver:TRUE);
version = install["version"];
path = install["path"];
hypervisor = install["Hypervisor"];

app += " for " + hypervisor;

if (hypervisor != "VMware")
  audit(AUDIT_INST_VER_NOT_VULN, app, version);

if (version =~ "^6\.3\.")
  fix = "6.3.2.5";
else if (version =~ "^6\.4\.")
  fix = "6.4.3.1";
else if (version =~ "^7\.1\.")
  fix = "7.1.3.0";
else
  audit(AUDIT_INST_PATH_NOT_VULN, app, version, path);

if (ver_compare(ver:version, fix:fix, strict:FALSE) >= 0)
  audit(AUDIT_INST_PATH_NOT_VULN, app, version, path);

port = kb_smb_transport();
set_kb_item(name:'www/0/XSS', value:TRUE);

if (report_verbosity > 0)
{
  report =
    '\n  Hypervisor        : ' + hypervisor +
    '\n  Path              : ' + path +
    '\n  Installed version : ' + version +
    '\n  Fixed version     : ' + fix + '\n';
  security_note(port:port, extra:report);
}
else security_note(port);
VendorProductVersionCPE
ibmtivoli_storage_manager_for_virtual_environmentscpe:/a:ibm:tivoli_storage_manager_for_virtual_environments
ibmspectrum_protect_for_virtual_environmentscpe:/a:ibm:spectrum_protect_for_virtual_environments
ibmtivoli_storage_manager_for_virtual_environments_data_protection_for_vmwarecpe:/a:ibm:tivoli_storage_manager_for_virtual_environments_data_protection_for_vmware

Related

nvd 1
cvelist 1
cve 1
ibm 1
nessus 1
prion 1
nvd
nvd
CVE-2015-1988
2015-10-04 02:59:05
cvelist
cvelist
CVE-2015-1988
2015-10-04 01:00:00
cve
cve
CVE-2015-1988
2015-10-04 02:59:05
ibm
ibm
Security Bulletin: Cross-site Scripting vulnerability affects IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware and IBM Tivoli Storage FlashCopy Manager for VMware (CVE-2015-1988)
2018-06-17 15:10:28
nessus
nessus
IBM Tivoli Storage FlashCopy Manager for VMware 3.1.x < 3.1.1.3 / 3.2.x < 3.2.0.6 / 4.1.x < 4.1.3.0 XSS
2015-10-09 00:00:00
prion
prion
Cross site scripting
2015-10-04 02:59:00

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

27.6%

JSON
Related for TIVOLI_STORAGE_MANAGER_VIRTUAL_ENVIRONMENTS_VMWARE_CVE-2015-1988.NASL
nvd1cvelist1cve1ibm1nessus1prion1