CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
81.1%
The version of IBM WebSphere Portal installed on the remote Windows host is 8.5.0 prior to 8.5.0.0 CF14 or 9.0.0 prior to CF14. It is, therefore, affected by multiple vulnerabilities :
Multiple cross-site scripting (XSS) vulnerabilities exist in the web UI due to improper validation of user-supplied input before returning it to users. An unauthenticated, remote attacker can exploit these, via a specially crafted request, to execute arbitrary script code in a user’s browser session. (CVE-2017-1120, CVE-2017-1217)
A cross-site redirection vulnerability exists due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, by convincing a user to follow a specially crafted link, to redirect the unsuspecting user from an intended trusted website to an arbitrary website of the attacker’s choosing, which then can be used to conduct further attacks. (CVE-2017-1156)
A use-after-free error exists in the Outside In Filters subcomponent when handling PageHeight and PageWidth values in VSDX files. An unauthenticated, remote attacker can exploit this to deference already freed memory, resulting in the execution of arbitrary code.
(CVE-2017-3266)
Multiple unspecified flaws exist in the Outside In Filters subcomponent that allow an unauthenticated, remote attacker to cause a denial of service condition.
(CVE-2017-3267, CVE-2017-3268, CVE-2017-3270)
Multiple unspecified flaws exist in the Outside In Filters subcomponent that allow an unauthenticated, remote attacker to impact confidentiality, integrity, and availability. (CVE-2017-3269, CVE-2017-3271, CVE-2017-3293)
A denial of service vulnerability exists in the Outside In Filters subcomponent, specifically in the Content Access functionality within the vspdf.dll library, when parsing the /Pages key in a Catalog Dictionary. An unauthenticated, remote attacker can exploit this, via a specially crafted PDF file, to crash an application linked to the library. (CVE-2017-3294)
A denial of service vulnerability exists in the Outside In Filters subcomponent, specifically in the Content Access functionality within the vspdf.dll library, when parsing the /Matrix entry in a /CalRGB element within a PDF file. An unauthenticated, remote attacker can exploit this, via a specially crafted PDF file that triggers an invalid read, to crash an application linked to the library. (CVE-2017-3295)
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(99236);
script_version("1.6");
script_cvs_date("Date: 2019/11/12");
script_cve_id(
"CVE-2017-1120",
"CVE-2017-1156",
"CVE-2017-1217",
"CVE-2017-3266",
"CVE-2017-3267",
"CVE-2017-3268",
"CVE-2017-3269",
"CVE-2017-3270",
"CVE-2017-3271",
"CVE-2017-3293",
"CVE-2017-3294",
"CVE-2017-3295"
);
script_bugtraq_id(
95507,
95513,
95522,
95524,
95529,
95532,
95534,
95536,
95539,
97075,
98340,
99350
);
script_name(english:"IBM WebSphere Portal 8.5.0 < 8.5.0 CF14 / 9.0.0 < 9.0.0 CF14 Multiple Vulnerabilities");
script_summary(english:"Checks for the installed patch.");
script_set_attribute(attribute:"synopsis", value:
"The web portal software installed on the remote Windows host is
affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of IBM WebSphere Portal installed on the remote Windows
host is 8.5.0 prior to 8.5.0.0 CF14 or 9.0.0 prior to CF14. It is,
therefore, affected by multiple vulnerabilities :
- Multiple cross-site scripting (XSS) vulnerabilities
exist in the web UI due to improper validation of
user-supplied input before returning it to users. An
unauthenticated, remote attacker can exploit these, via
a specially crafted request, to execute arbitrary script
code in a user's browser session. (CVE-2017-1120,
CVE-2017-1217)
- A cross-site redirection vulnerability exists due to
improper validation of user-supplied input. An
unauthenticated, remote attacker can exploit this, by
convincing a user to follow a specially crafted link,
to redirect the unsuspecting user from an intended
trusted website to an arbitrary website of the
attacker's choosing, which then can be used to conduct
further attacks. (CVE-2017-1156)
- A use-after-free error exists in the Outside In Filters
subcomponent when handling PageHeight and PageWidth
values in VSDX files. An unauthenticated, remote
attacker can exploit this to deference already freed
memory, resulting in the execution of arbitrary code.
(CVE-2017-3266)
- Multiple unspecified flaws exist in the Outside In
Filters subcomponent that allow an unauthenticated,
remote attacker to cause a denial of service condition.
(CVE-2017-3267, CVE-2017-3268, CVE-2017-3270)
- Multiple unspecified flaws exist in the Outside In
Filters subcomponent that allow an unauthenticated,
remote attacker to impact confidentiality, integrity,
and availability. (CVE-2017-3269, CVE-2017-3271,
CVE-2017-3293)
- A denial of service vulnerability exists in the Outside
In Filters subcomponent, specifically in the Content
Access functionality within the vspdf.dll library, when
parsing the /Pages key in a Catalog Dictionary. An
unauthenticated, remote attacker can exploit this, via a
specially crafted PDF file, to crash an application
linked to the library. (CVE-2017-3294)
- A denial of service vulnerability exists in the Outside
In Filters subcomponent, specifically in the Content
Access functionality within the vspdf.dll library, when
parsing the /Matrix entry in a /CalRGB element within a
PDF file. An unauthenticated, remote attacker can
exploit this, via a specially crafted PDF file that
triggers an invalid read, to crash an application linked
to the library. (CVE-2017-3295)");
script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg24037786#CF14");
script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg22000152");
script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg22000153");
script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg22001394");
script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg22004348");
script_set_attribute(attribute:"solution", value:
"Upgrade to IBM WebSphere Portal version 8.5.0 CF14 / 9.0.0 CF14 or
later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-3293");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2017/01/17");
script_set_attribute(attribute:"patch_publication_date", value:"2017/06/27");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/07/03");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_portal");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("websphere_portal_installed.nbin");
script_require_keys("installed_sw/IBM WebSphere Portal");
exit(0);
}
include("websphere_portal_version.inc");
websphere_portal_check_version(
ranges:make_list(
"9.0.0.0, 9.0.0.0, CF14",
"8.5.0.0, 8.5.0.0, CF14"
),
fix:"PI73835",
severity:SECURITY_HOLE,
xss:TRUE
);
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1120
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1156
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1217
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3266
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3267
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3268
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3269
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3270
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3271
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3293
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3294
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3295
www-01.ibm.com/support/docview.wss?uid=swg22000152
www-01.ibm.com/support/docview.wss?uid=swg22000153
www-01.ibm.com/support/docview.wss?uid=swg22001394
www-01.ibm.com/support/docview.wss?uid=swg22004348
www-01.ibm.com/support/docview.wss?uid=swg24037786#CF14
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
81.1%