5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
0.002 Low
EPSS
Percentile
51.7%
The version of IBM WebSphere Portal installed on the remote Windows host is affected by an information disclosure vulnerability exists in Web Application Bridge component. An unauthenticated, remote attacker can exploit this, to disclose potentially sensitive information.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(128995);
script_version("1.2");
script_cvs_date("Date: 2019/10/17 14:31:04");
script_cve_id("CVE-2017-1423");
script_bugtraq_id(102255);
script_name(english:"IBM WebSphere Portal Information Disclosure Vulnerability (CVE-2017-1423)");
script_summary(english:"Checks for the installed patches.");
script_set_attribute(attribute:"synopsis", value:
"The web portal application installed on remote Windows host is
affected by an informaiton disclosure vulnerability.");
script_set_attribute(attribute:"description", value:
"The version of IBM WebSphere Portal installed on the remote Windows host is affected by an information disclosure
vulnerability exists in Web Application Bridge component. An unauthenticated, remote attacker can exploit this, to
disclose potentially sensitive information.");
script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg22011400");
script_set_attribute(attribute:"solution", value:
"Apply the appropriate fixes according to the vendor advisory.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-1423");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2018/09/25");
script_set_attribute(attribute:"patch_publication_date", value:"2018/09/25");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/18");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_portal");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses");
script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("websphere_portal_installed.nbin");
script_require_keys("installed_sw/IBM WebSphere Portal", "Settings/ParanoidReport");
exit(0);
}
include("websphere_portal_version.inc");
if (report_paranoia < 2) audit(AUDIT_PARANOID);
websphere_portal_check_version(
checks:make_array(
"8.5.0.0, 8.5.0.0, CF14", make_list("CF15"),
"9.0.0.0, 9.0.0.0, CF14", make_list("CF15")
),
severity:SECURITY_WARNING
);
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | websphere_portal | cpe:/a:ibm:websphere_portal |
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
0.002 Low
EPSS
Percentile
51.7%