Lucene search
This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.WEBSPHERE_PORTAL_CVE-2014-4808.NASLHistoryOct 30, 2014 - 12:00 a.m.
IBM WebSphere Portal Unspecified Vulnerability (PI25993)
2014-10-3000:00:00
This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.
www.tenable.com
6
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.005 Low
EPSS
Percentile
76.4%
The version of IBM WebSphere Portal installed on the remote host is affected by an unspecified code execution vulnerability that allows an authenticated attacker to execute arbitrary code on the system.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(78743);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2014-4808");
script_bugtraq_id(70757);
script_name(english:"IBM WebSphere Portal Unspecified Vulnerability (PI25993)");
script_summary(english:"Checks for installed patches.");
script_set_attribute(attribute:"synopsis", value:
"The remote Windows host has web portal software installed that is
affected by an unspecified vulnerability.");
script_set_attribute(attribute:"description", value:
"The version of IBM WebSphere Portal installed on the remote host is
affected by an unspecified code execution vulnerability that allows an
authenticated attacker to execute arbitrary code on the system.");
script_set_attribute(attribute:"see_also", value:"https://www-304.ibm.com/support/docview.wss?uid=swg21684651");
script_set_attribute(attribute:"solution", value:
"IBM has published Interim Fix PI25993. Refer to IBM's advisory for
more information.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2014/10/24");
script_set_attribute(attribute:"patch_publication_date", value:"2014/10/27");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/30");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_portal");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses");
script_copyright(english:"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.");
script_dependencies("websphere_portal_installed.nbin");
script_require_keys("installed_sw/IBM WebSphere Portal");
exit(0);
}
include("websphere_portal_version.inc");
websphere_portal_check_version(
ranges:make_list(
"6.1.0.0, 6.1.0.6, CF27",
"6.1.5.0, 6.1.5.3, CF27",
"7.0.0.0, 7.0.0.2, CF28",
"8.0.0.0, 8.0.0.1, CF14"
),
fix:"PI25993",
severity:SECURITY_WARNING
);
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | websphere_portal | cpe:/a:ibm:websphere_portal |
Related
cve
cve
CVE-2014-4808
2014-10-28 19:55:02
prion
prion
Code injection
2014-10-28 19:55:00
cvelist
cvelist
CVE-2014-4808
2014-10-28 19:00:00
nvd
nvd
CVE-2014-4808
2014-10-28 19:55:02
nessus
nessus
IBM WebSphere Portal 6.1.0.x < 6.1.0.6 CF27 Multiple Vulnerabilities
2014-10-30 00:00:00
IBM WebSphere Portal 8.0.0.x < 8.0.0.1 CF15 Multiple Vulnerabilities
2015-04-17 00:00:00
IBM WebSphere Portal 6.1.5.x < 6.1.5.3 CF27 Multiple Vulnerabilities
2014-10-30 00:00:00
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.005 Low
EPSS
Percentile
76.4%
Related for WEBSPHERE_PORTAL_CVE-2014-4808.NASL