6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.005 Low
EPSS
Percentile
76.4%
The version of IBM WebSphere Portal installed on the remote host is affected by an unspecified code execution vulnerability that allows an authenticated attacker to execute arbitrary code on the system.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(78743);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2014-4808");
script_bugtraq_id(70757);
script_name(english:"IBM WebSphere Portal Unspecified Vulnerability (PI25993)");
script_summary(english:"Checks for installed patches.");
script_set_attribute(attribute:"synopsis", value:
"The remote Windows host has web portal software installed that is
affected by an unspecified vulnerability.");
script_set_attribute(attribute:"description", value:
"The version of IBM WebSphere Portal installed on the remote host is
affected by an unspecified code execution vulnerability that allows an
authenticated attacker to execute arbitrary code on the system.");
script_set_attribute(attribute:"see_also", value:"https://www-304.ibm.com/support/docview.wss?uid=swg21684651");
script_set_attribute(attribute:"solution", value:
"IBM has published Interim Fix PI25993. Refer to IBM's advisory for
more information.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2014/10/24");
script_set_attribute(attribute:"patch_publication_date", value:"2014/10/27");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/30");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_portal");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses");
script_copyright(english:"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.");
script_dependencies("websphere_portal_installed.nbin");
script_require_keys("installed_sw/IBM WebSphere Portal");
exit(0);
}
include("websphere_portal_version.inc");
websphere_portal_check_version(
ranges:make_list(
"6.1.0.0, 6.1.0.6, CF27",
"6.1.5.0, 6.1.5.3, CF27",
"7.0.0.0, 7.0.0.2, CF28",
"8.0.0.0, 8.0.0.1, CF14"
),
fix:"PI25993",
severity:SECURITY_WARNING
);
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | websphere_portal | cpe:/a:ibm:websphere_portal |