CVSS2: 5 Medium

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |
Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |

CVSS3: 5.3 Medium

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | LOW |
Integrity Impact | NONE |
Availability Impact | NONE |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |

EPSS: 0.003 Low (Percentile: 71.3%)

The version of IBM WebSphere Portal installed on the remote Windows host is affected by an information disclosure vulnerability due to improper access control enforcement of the REST API. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to gain access to potentially sensitive information.

```nasl
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(87775);
  script_version("1.8");
  script_cvs_date("Date: 2019/11/22");

  script_cve_id("CVE-2015-7447");
  script_bugtraq_id(79511);

  script_name(english:"IBM WebSphere Portal AccessControl REST API Information Disclosure (PI51395)");
  script_summary(english:"Checks for the installed patches.");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host has web portal software installed that is
affected by an information disclosure vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of IBM WebSphere Portal installed on the remote Windows
host is affected by an information disclosure vulnerability due to
improper access control enforcement of the REST API. An
unauthenticated, remote attacker can exploit this, via a specially
crafted request, to gain access to potentially sensitive information.");
  script_set_attribute(attribute:"see_also", value:"https://www-304.ibm.com/support/docview.wss?uid=swg21973152");
  script_set_attribute(attribute:"solution", value:
"Apply the vendor-supplied interim fix, or upgrade to the appropriate
cumulative fix referenced in the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-7447");
  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/12/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/12/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/01/07");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_portal");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("websphere_portal_installed.nbin");
  script_require_keys("installed_sw/IBM WebSphere Portal");

  exit(0);
}

include("websphere_portal_version.inc");

websphere_portal_check_version(
  ranges:make_list(
    "8.5.0.0, 8.5.0.0, CF08",
    "8.0.0.0, 8.0.0.1, CF19",
    "7.0.0.0, 7.0.0.2, CF29",
    "6.1.5.0, 6.1.5.3, CF27",
    "6.1.0.0, 6.1.0.6, CF27"
  ),
  fix:"PI51395",
  severity:SECURITY_WARNING
);
```

Vendor | Product | Version | CPE |
---|---|---|---|
ibm | websphere_portal | | cpe:/a:ibm:websphere_portal |