Lucene search

K
nessusThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.WEBSPHERE_PORTAL_8_5_0_0_CF10.NASL
HistoryAug 18, 2016 - 12:00 a.m.

IBM WebSphere Portal 8.5.0.0 < 8.5.0.0 CF10 Multiple Vulnerabilities

2016-08-1800:00:00
This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
www.tenable.com
17

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

6.4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

57.0%

The version of IBM WebSphere Portal installed on the remote Windows host is 8.5.0.0 prior to 8.5.0.0 CF10. It is, therefore, affected by multiple vulnerabilities :

  • An unspecified flaw exists that is triggered when handling a specially crafted request. An unauthenticated, remote attacker can exploit this to inject arbitrary LDAP content and view, add, modify or delete information in the user repository.
    (CVE-2015-7472)

  • An XXE (XML external entity) injection vulnerability exists due to an incorrectly configured XML parser accepting XML external entities from an untrusted source. An unauthenticated, remote attacker can exploit this, via specially crafted XML data, to cause a denial of service condition or disclose sensitive information.
    (CVE-2016-0245)

  • A cross-site scripting (XSS) vulnerability exists due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user’s browser session. (CVE-2016-2925)

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(93027);
  script_version("1.6");
  script_cvs_date("Date: 2018/08/06 14:03:14");

  script_cve_id(
    "CVE-2015-7472",
    "CVE-2016-0245",
    "CVE-2016-2925"
  );
  script_bugtraq_id(
    82548,
    83485,
    92180
  );

  script_name(english:"IBM WebSphere Portal 8.5.0.0 < 8.5.0.0 CF10 Multiple Vulnerabilities");
  script_summary(english:"Checks for the installed patch.");

  script_set_attribute(attribute:"synopsis", value:
"The web portal software installed on the remote Windows host is
affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of IBM WebSphere Portal installed on the remote Windows
host is 8.5.0.0 prior to 8.5.0.0 CF10. It is, therefore, affected by
multiple vulnerabilities :

  - An unspecified flaw exists that is triggered when
    handling a specially crafted request. An
    unauthenticated, remote attacker can exploit this to
    inject arbitrary LDAP content and view, add, modify or
    delete information in the user repository.
    (CVE-2015-7472)

  - An XXE (XML external entity) injection vulnerability
    exists due to an incorrectly configured XML parser
    accepting XML external entities from an untrusted
    source. An unauthenticated, remote attacker can exploit
    this, via specially crafted XML data, to cause a denial
    of service condition or disclose sensitive information.
    (CVE-2016-0245)

  - A cross-site scripting (XSS) vulnerability exists due to
    improper validation of user-supplied input. An
    unauthenticated, remote attacker can exploit this, via a
    specially crafted request, to execute arbitrary script
    code in a user's browser session. (CVE-2016-2925)");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg24037786#CF10");
  script_set_attribute(attribute:"solution", value:
"Upgrade to IBM WebSphere Portal version 8.5.0.0 CF10.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date",value:"2016/02/02");
  script_set_attribute(attribute:"patch_publication_date",value:"2016/02/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/18");

  script_set_attribute(attribute:"plugin_type",value:"local");
  script_set_attribute(attribute:"cpe",value:"cpe:/a:ibm:websphere_portal");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.");

  script_dependencies("websphere_portal_installed.nbin");
  script_require_keys("installed_sw/IBM WebSphere Portal");

  exit(0);
}

include("websphere_portal_version.inc");

websphere_portal_check_version(
  ranges:make_list("8.5.0.0, 8.5.0.0"),
  fix:"CF10",
  severity:SECURITY_WARNING,
  xss:TRUE
);
VendorProductVersionCPE
ibmwebsphere_portalcpe:/a:ibm:websphere_portal

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

6.4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

57.0%

Related for WEBSPHERE_PORTAL_8_5_0_0_CF10.NASL