Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2016 Greenbone AGOPENVAS:1361412562310106209
HistoryAug 26, 2016 - 12:00 a.m.

IBM WebSphere Portal Open Redirect Vulnerability

2016-08-2600:00:00
Copyright (C) 2016 Greenbone AG
plugins.openvas.org
11

6.4 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

50.7%

JSON

IBM WebSphere Portal is prone to an open redirect vulnerability.

# SPDX-FileCopyrightText: 2016 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = 'cpe:/a:ibm:websphere_portal';

if (description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.106209");
  script_version("2023-07-20T05:05:17+0000");
  script_tag(name:"last_modification", value:"2023-07-20 05:05:17 +0000 (Thu, 20 Jul 2023)");
  script_tag(name:"creation_date", value:"2016-08-26 11:13:20 +0700 (Fri, 26 Aug 2016)");
  script_tag(name:"cvss_base", value:"6.4");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:N");

  script_cve_id("CVE-2015-1921");

  script_tag(name:"qod_type", value:"remote_banner");

  script_tag(name:"solution_type", value:"VendorFix");

  script_name("IBM WebSphere Portal Open Redirect Vulnerability");

  script_category(ACT_GATHER_INFO);

  script_copyright("Copyright (C) 2016 Greenbone AG");
  script_family("Web application abuses");
  script_dependencies("gb_ibm_websphere_portal_detect.nasl");
  script_mandatory_keys("ibm_websphere_portal/installed");

  script_tag(name:"summary", value:"IBM WebSphere Portal is prone to an open redirect vulnerability.");

  script_tag(name:"insight", value:"IBM WebSphere Portal could allow a remote attacker to conduct phishing
attacks, caused by an open redirect vulnerability.");

  script_tag(name:"impact", value:"An attacker could exploit this vulnerability using a specially-crafted
URL to redirect a victim to arbitrary Web sites.");

  script_tag(name:"affected", value:"WebSphere Portal 8.5 and 8.0");

  script_tag(name:"solution", value:"Check the vendor's advisory for sulutions.");

  script_xref(name:"URL", value:"https://www-01.ibm.com/support/docview.wss?uid=swg21884060");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if (!port = get_app_port(cpe: CPE))
  exit(0);

if (!version = get_app_version(cpe: CPE, port: port))
  exit(0);

if (version =~ "^8\.5\.0") {
  if (version_is_less(version: version, test_version: "8.5.0.0.6")) {
    report = report_fixed_ver(installed_version: version, fixed_version: "8.5.0.0 CF06");
    security_message(port: port, data: report);
    exit(0);
  }
}

if (version =~ "^8\.0\.0") {
  if (version_is_less(version: version, test_version: "8.0.0.1.17")) {
    report = report_fixed_ver(installed_version: version, fixed_version: "8.0.0.1 CF17");
    security_message(port: port, data: report);
    exit(0);
  }
}

exit(0);

Related

prion 1
cvelist 1
cve 1
nessus 3
prion
prion
Open redirect
2015-05-25 00:59:00
cvelist
cvelist
CVE-2015-1921
2015-05-25 00:00:00
cve
cve
CVE-2015-1921
2015-05-25 00:59:00
nessus
nessus
IBM WebSphere Portal Unspecified Open Redirect (PI38632)
2015-05-28 00:00:00
IBM WebSphere Portal 8.0.0.x < 8.0.0.1 CF17 Multiple Vulnerabilities
2015-07-07 00:00:00
IBM WebSphere Portal 8.5.0 < 8.5.0 CF06 Multiple Vulnerabilities
2015-05-28 00:00:00

6.4 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

50.7%

JSON
Related for OPENVAS:1361412562310106209
prion1cvelist1cve1nessus3