Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.WEBSPHERE_CVE-2020-4448.NASL
HistoryJun 12, 2020 - 12:00 a.m.

IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.18 / 9.0.x < 9.0.5.4 Remote Code Execution (CVE-2020-4448)

2020-06-1200:00:00
This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
27
JSON

The IBM WebSphere Application Server running on the remote host is version 7.0.0.0 through 7.0.0.45, 8.0.0.0 through 8.0.0.15, 8.5.0.x prior to 8.5.5.18, or 9.0.x prior to 9.0.5.4. It is, therefore, affected by a remote code execution vulnerability. An authenticated, remote attacker can exploit this by sending a specially crafted sequence of serialized objects to cause remote code execution on the system.

#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(137398);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/11/30");

  script_cve_id("CVE-2020-4448");
  script_xref(name:"IAVA", value:"2020-A-0254-S");

  script_name(english:"IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.18 / 9.0.x < 9.0.5.4 Remote Code Execution (CVE-2020-4448)");

  script_set_attribute(attribute:"synopsis", value:
"The remote web application server is affected by a remote code execution vulnerability");
  script_set_attribute(attribute:"description", value:
"The IBM WebSphere Application Server running on the remote host is version 7.0.0.0 through 7.0.0.45, 8.0.0.0 through
8.0.0.15, 8.5.0.x prior to 8.5.5.18, or 9.0.x prior to 9.0.5.4. It is, therefore, affected by a remote code execution
vulnerability. An authenticated, remote attacker can exploit this by sending a specially crafted sequence of 
serialized objects to cause remote code execution on the system.");
  script_set_attribute(attribute:"see_also", value:"https://exchange.xforce.ibmcloud.com/vulnerabilities/181228");
  # https://www.ibm.com/support/pages/node/6220336
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7972faa3");
  script_set_attribute(attribute:"solution", value:
"Upgrade to IBM WebSphere Application Server 8.5.5.18, 9.0.5.4, or later. Alternatively, upgrade to the minimal fix pack
levels required by the interim fix and then apply Interim Fix PH25216.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-4448");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/06/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/06/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/06/12");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_application_server");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");
  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("websphere_detect.nasl", "ibm_enum_products.nbin", "ibm_websphere_application_server_nix_installed.nbin");
  script_require_keys("installed_sw/IBM WebSphere Application Server");

  exit(0);
}

include('vcf.inc');


app = 'IBM WebSphere Application Server';
fix = 'Interim Fix PH25216';

get_install_count(app_name:app, exit_if_zero:TRUE);
app_info = vcf::combined_get_app_info(app:app);
vcf::check_granularity(app_info:app_info, sig_segments:4);

# If the detection is only remote, Source will be set, and we should require paranoia
if (!empty_or_null(app_info['Source']) && app_info['Source'] != 'unknown' && report_paranoia < 2)
  audit(AUDIT_PARANOID);

if ('PH25216' >< app_info['Fixes'])
  audit(AUDIT_INST_VER_NOT_VULN, app);

constraints = [
  {'min_version':'7.0.0.0', 'max_version':'7.0.0.45', 'fixed_version':fix},
  {'min_version':'8.0.0.0', 'max_version':'8.0.0.15', 'fixed_version':fix},
  {'min_version':'8.5.0.0', 'max_version':'8.5.5.17', 'fixed_version':'8.5.5.18 or ' + fix},
  {'min_version':'9.0.0.0', 'max_version':'9.0.5.3', 'fixed_version':'9.0.5.4 or ' + fix}
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
VendorProductVersionCPE
ibmwebsphere_application_servercpe:/a:ibm:websphere_application_server

Related

ibm 27
prion 1
zdi 1
cve 1
ibm
ibm
Security Bulletin: Remote code execution vulnerability in WebSphere Application Server shipped with IBM Cloud Pak for Applications (CVE-2020-4448)
2020-07-21 19:17:14
Security Bulletin: A vulnerability in WebSphere Application Server ND affects IBM Operations Analytics Predictive Insights (CVE-2020-4448)
2020-08-20 18:55:46
Security Bulletin: A security vulnerability has been identified in WebSphereยฎ Application Server shipped with IBMยฎ Intelligent Operations Center (CVE-2020-4448)
2020-06-25 11:46:37
prion
prion
Code injection
2020-06-05 17:15:00
zdi
zdi
IBM WebSphere UploadFileArgument Directory Traversal Remote Code Execution Vulnerability
2020-06-05 00:00:00
cve
cve
CVE-2020-4448
2020-06-05 17:15:00
JSON
Related for WEBSPHERE_CVE-2020-4448.NASL
ibm27prion1zdi1cve1