5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.5 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
71.3%
IBM WebSphere Portal is prone to an information disclosure vulnerability.
# SPDX-FileCopyrightText: 2016 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
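# CPE of the product this check applies to; the detection logic further down
# passes it to get_app_port() and get_app_version().
CPE = 'cpe:/a:ibm:websphere_portal';

# Metadata registration. When the scanner loads the script with `description`
# set, only this block runs: it declares the check's identity, severity and
# report texts, then exits before any target is touched.
if (description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.106228");
  script_version("2023-07-21T05:05:22+0000");
  script_tag(name:"last_modification", value:"2023-07-21 05:05:22 +0000 (Fri, 21 Jul 2023)");
  script_tag(name:"creation_date", value:"2016-09-07 15:24:46 +0700 (Wed, 07 Sep 2016)");

  # Severity: CVSS v2 base score and vector plus the CVSS v3.0 vector; the
  # severity_origin tag names NVD as the source of the rating.
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2016-12-07 18:24:00 +0000 (Wed, 07 Dec 2016)");

  script_cve_id("CVE-2015-7447");

  # remote_banner: the result rests on the version the detection reported,
  # not on a probe of the AccessControl REST API itself (see "vuldetect").
  # Treat a finding as "version in affected range", not as confirmed exposure.
  script_tag(name:"qod_type", value:"remote_banner");
  script_tag(name:"solution_type", value:"VendorFix");

  script_name("IBM WebSphere Portal Information Disclosure Vulnerability");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2016 Greenbone AG");
  script_family("Web application abuses");

  # Runs only after the detection script, and only when the KB key below is
  # present. NOTE(review): presumably that key is set by
  # gb_ibm_websphere_portal_detect.nasl - confirm against the detection VT.
  script_dependencies("gb_ibm_websphere_portal_detect.nasl");
  script_mandatory_keys("ibm_websphere_portal/installed");

  # Report texts. Continuation lines of the multi-line values stay at
  # column 0 because the line breaks are part of the string.
  script_tag(name:"summary", value:"IBM WebSphere Portal is prone to an information disclosure vulnerability.");
  script_tag(name:"insight", value:"IBM Websphere Portal could allow a remote attacker to obtain sensitive
information, caused by Access Control issue in Portal AccessControl REST API. By REST request, an attacker
could exploit this vulnerability to view access control configuration of a requested resource.");
  script_tag(name:"impact", value:"Remote attackers may bypass intended Portal AccessControl REST API access
restrictions and obtain sensitive information.");
  script_tag(name:"affected", value:"WebSphere Portal 6.1, 7, 8.0 and 8.5.");
  script_tag(name:"solution", value:"Check the vendor's advisory for solutions.");
  script_xref(name:"URL", value:"https://www-01.ibm.com/support/docview.wss?uid=swg21973152");
  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  exit(0);
}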
include("host_details.inc");
include("version_func.inc");
# Detection logic: compare the detected WebSphere Portal version with the
# first fixed cumulative fix (CF) level of its release branch and report
# when it is older.
#
# NOTE(review): this is a version comparison only. An installation that
# received an interim fix without the reported version changing would
# presumably still be flagged - confirm against the vendor advisory before
# treating a finding as confirmed exposure.

# Nothing to check unless the detection stored a port and a version for the CPE.
port = get_app_port(cpe: CPE);
if (!port)
  exit(0);

version = get_app_version(cpe: CPE, port: port);
if (!version)
  exit(0);

# The last component of each test_version is the CF number shown in the
# matching fixed_version text (e.g. "8.5.0.0.9" <-> "8.5.0.0 CF09").
# NOTE(review): assumes the detection reports the CF level as a fifth
# version component - confirm against the detection VT.
# The branch prefixes are anchored and mutually exclusive, so at most one
# of the conditions below can hold.
fix = NULL;

if (version =~ "^8\.5" && version_is_less(version: version, test_version: "8.5.0.0.9"))
  fix = "8.5.0.0 CF09";
else if (version =~ "^8\.0\.0" && version_is_less(version: version, test_version: "8.0.0.1.20"))
  fix = "8.0.0.1 CF20";
else if (version =~ "^7\.0" && version_is_less(version: version, test_version: "7.0.0.2.29"))
  fix = "7.0.0.2 CF29";
else if (version =~ "^6\.1\.5" && version_is_less(version: version, test_version: "6.1.5.3.27"))
  fix = "6.1.5.3 CF27";
else if (version =~ "^6\.1\.0" && version_is_less(version: version, test_version: "6.1.0.6.27"))
  fix = "6.1.0.6 CF27";

# Single reporting path for whichever branch matched.
if (!isnull(fix)) {
  report = report_fixed_ver(installed_version: version, fixed_version: fix);
  security_message(port: port, data: report);
}

exit(0);