Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.WEBSPHERE_CVE-2018-1798.NASL
HistoryApr 30, 2020 - 12:00 a.m.

IBM WebSphere Application Server 7.0.0.0 <= 7.0.0.45 / 8.0.0.0 <= 8.0.0.15 / 8.5.0.0 <= 8.5.5.14 / 9.0.0.0 <= 9.0.0.9 Cross-Site Scripting Vulnerability

2020-04-3000:00:00
This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
10
JSON

A cross-site scripting (XSS) vulnerability exists in WebSphere Application Server using SIBMsgMigration Utility due to improper validation of user-supplied input before returning it to users. An authenticated, remote attacker can exploit this, by embeding arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session

#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(136183);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/11/30");

  script_cve_id("CVE-2018-1798");

  script_name(english:"IBM WebSphere Application Server 7.0.0.0 <= 7.0.0.45 / 8.0.0.0 <= 8.0.0.15 / 8.5.0.0 <= 8.5.5.14 / 9.0.0.0 <= 9.0.0.9 Cross-Site Scripting Vulnerability");

  script_set_attribute(attribute:"synopsis", value:
"The remote web application server is affected by a directory traversal vulnerability");
  script_set_attribute(attribute:"description", value:
"A cross-site scripting (XSS) vulnerability exists in WebSphere Application Server using SIBMsgMigration Utility due to
improper validation of user-supplied input before returning it to users. An authenticated, remote attacker can exploit this,
by embeding arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to
credentials disclosure within a trusted session");
  script_set_attribute(attribute:"see_also", value:"https://www.ibm.com/support/pages/node/730703");
  script_set_attribute(attribute:"solution", value:
"Upgrade to IBM WebSphere Application Server version reccomended in the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-1798");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/11/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/11/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/30");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_application_server");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("websphere_detect.nasl", "ibm_enum_products.nbin", "ibm_websphere_application_server_nix_installed.nbin");
  script_require_keys("installed_sw/IBM WebSphere Application Server");

  exit(0);
}

include('vcf.inc');


app = 'IBM WebSphere Application Server';
fix = 'Interim Fix PH03492';

get_install_count(app_name:app, exit_if_zero:TRUE);
app_info = vcf::combined_get_app_info(app:app);
vcf::check_granularity(app_info:app_info, sig_segments:4);

# If the detection is only remote, Source will be set, and we should require paranoia
if (!empty_or_null(app_info['Source']) && app_info['Source'] != 'unknown' && report_paranoia < 2)
  audit(AUDIT_PARANOID);

if ('PH03492' >< app_info['Fixes'])
  audit(AUDIT_INST_VER_NOT_VULN, app);

constraints = [
  {'min_version':'7.0.0.0', 'max_version':'7.0.0.45', 'fixed_display':'Remove the SIBMsgMigrationUtility'},
  {'min_version':'8.0.0.0', 'max_version':'8.0.0.15', 'fixed_display':'8.0.0.15 ' + fix},
  {'min_version':'8.5.0.0', 'max_version':'8.5.5.14', 'fixed_display':'8.5.5.14 ' + fix + ' or 8.5.5.15'},
  {'min_version':'9.0.0.0', 'max_version':'9.0.0.9', 'fixed_display':'9.0.0.9 ' + fix + ' or 9.0.0.10'}
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
VendorProductVersionCPE
ibmwebsphere_application_servercpe:/a:ibm:websphere_application_server

Related

prion 1
ibm 18
cve 1
prion
prion
Cross site scripting
2018-11-12 16:29:00
ibm
ibm
Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Tivoli Security Policy Manager (CVE-2018-1798)
2018-12-07 14:50:01
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Tivoli Netcool/OMNIbus WebGUI (CVE-2018-1798)
2018-11-28 00:05:01
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Case Manager (CVE-2018-1798)
2019-01-03 00:00:02
cve
cve
CVE-2018-1798
2018-11-12 16:29:00
JSON
Related for WEBSPHERE_CVE-2018-1798.NASL
prion1ibm18cve1