IBM INotes and Domino Cross-site Scripting Vulnerability - June16

2016-06-03T00:00:00

Description

This host is installed with IBM Domino and is prone to cross-site scripting vulnerability

{"id": "OPENVAS:1361412562310808111", "type": "openvas", "bulletinFamily": "scanner", "title": "IBM INotes and Domino Cross-site Scripting Vulnerability - June16", "description": "This host is installed with IBM Domino and\n is prone to cross-site scripting vulnerability", "published": "2016-06-03T00:00:00", "modified": "2018-10-24T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808111", "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "references": ["http://www-01.ibm.com/support/docview.wss?uid=swg21671981"], "cvelist": ["CVE-2014-0913"], "lastseen": "2019-05-29T18:35:22", "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-0913"]}, {"type": "kaspersky", "idList": ["KLA10200"]}, {"type": "nessus", "idList": ["DOMINO_INOTES_XSS.NASL", "LOTUS_DOMINO_INOTES_XSS.NASL"]}], "rev": 4}, "score": {"value": -0.7, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2014-0913"]}, {"type": "nessus", "idList": ["DOMINO_INOTES_XSS.NASL"]}]}, "exploitation": null, "vulnersScore": -0.7}, "pluginID": "1361412562310808111", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ibm_inotes_domino_xss_vuln_june16.nasl 12051 2018-10-24 09:14:54Z asteins $\n#\n# IBM INotes and Domino Cross-site Scripting Vulnerability - June16\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:ibm:lotus_domino\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808111\");\n script_version(\"$Revision: 12051 $\");\n script_cve_id(\"CVE-2014-0913\");\n script_bugtraq_id(67297);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-24 11:14:54 +0200 (Wed, 24 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-03 17:28:31 +0530 (Fri, 03 Jun 2016)\");\n script_name(\"IBM INotes and Domino Cross-site Scripting Vulnerability - June16\");\n\n script_tag(name:\"summary\", value:\"This host is installed with IBM Domino and\n is prone to cross-site scripting vulnerability\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to insufficient validation\n of user supplied input via an e-mail message.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker\n to execute commands as the logged-in user and/or expose user personal data.\");\n\n script_tag(name:\"affected\", value:\"IBM iNotes and Domino 8.5.3 FP6 before\n IF2 and 9.0.1 before FP1\");\n\n script_tag(name:\"solution\", value:\"Upgrade to IBM Domino 9.0.1 FP1\n or 8.5.3 FP6 IF2.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_xref(name:\"URL\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21671981\");\n\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_lotus_domino_detect.nasl\");\n script_mandatory_keys(\"Domino/Version\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"revisions-lib.inc\"); # Used in get_highest_app_version\ninclude(\"host_details.inc\");\n\nif(!domVer = get_highest_app_version(cpe:CPE)){\n exit(0);\n}\n\ndomVer1 = ereg_replace(pattern:\"FP\", string:domVer, replace: \".\");\n\nif(version_in_range(version:domVer1, test_version:\"8.5\", test_version2:\"8.5.3.6\"))\n{\n fix = \"8.5.3 FP6 IF2\";\n VULN = TRUE;\n}\n\nelse if(version_is_equal(version:domVer1, test_version:\"9.0.1\"))\n{\n fix = \"9.0.1 FP1\";\n VULN = TRUE;\n}\n\nif(VULN)\n{\n report = report_fixed_ver(installed_version:domVer, fixed_version:fix);\n security_message(data:report, port:0);\n exit(0);\n}\n", "naslFamily": "Web application abuses", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1647589307, "score": 1659709850}}

{"kaspersky": [{"lastseen": "2021-08-18T11:32:28", "description": "### *Detect date*:\n05/08/2014\n\n### *Severity*:\nWarning\n\n### *Description*:\nAn XSS vulnerability was found in IBM products. By exploiting this vulnerability malicious users can inject web script. This vulnerability can be exploited remotely via a specially designed e-mail.\n\n### *Affected products*:\nIBM NotesDomino version 8.5.3.6 IF1 and earlier \nIBM NotesDomino version 9.0.1.0\n\n### *Solution*:\nUpdate to latest version\n\n### *Impacts*:\nCI \n\n### *Related products*:\n[IBM Notes](<https://threats.kaspersky.com/en/product/IBM-Notes/>)\n\n### *CVE-IDS*:\n[CVE-2014-0913](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0913>)4.3Warning", "cvss3": {}, "published": "2014-05-08T00:00:00", "type": "kaspersky", "title": "KLA10200 CI vulnerability in IBM", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0913"], "modified": "2020-06-03T00:00:00", "id": "KLA10200", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10200/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "cve": [{"lastseen": "2022-03-23T12:13:53", "description": "Cross-site scripting (XSS) vulnerability in IBM iNotes and Domino 8.5.3 FP6 before IF2 and 9.0.1 before FP1 allows remote attackers to inject arbitrary web script or HTML via an e-mail message, aka SPR BFEY9GXHZE.", "cvss3": {}, "published": "2014-05-09T01:55:00", "type": "cve", "title": "CVE-2014-0913", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0913"], "modified": "2017-08-29T01:34:00", "cpe": ["cpe:/a:ibm:lotus_inotes:9.0.1.0", "cpe:/a:ibm:lotus_domino:8.5.3.6", "cpe:/a:ibm:lotus_inotes:8.5.3.6", "cpe:/a:ibm:lotus_domino:9.0.1.0"], "id": "CVE-2014-0913", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0913", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:ibm:lotus_domino:8.5.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:lotus_domino:9.0.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:lotus_inotes:8.5.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:lotus_inotes:9.0.1.0:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2023-01-18T14:30:42", "description": "According to its banner, the version of IBM Domino (formerly IBM Lotus Domino) on the remote host is 8.5.3 Fix Pack 6 (FP6) prior to 8.5.3 Fix Pack 6 (FP6) Interim Fix 2 (IF2) or 9.0.1 prior to 9.0.1 Fix Pack 1 (FP1), and thus is affected by an unspecified error that could allow cross-site scripting (XSS) attacks.", "cvss3": {}, "published": "2014-05-19T00:00:00", "type": "nessus", "title": "IBM Domino 8.5.3 FP6 / 9.0.1 < 8.5.3 FP6 IF2 / 9.0.1 FP1 iNotes XSS", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0913"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:ibm:domino", "cpe:/a:ibm:inotes"], "id": "DOMINO_INOTES_XSS.NASL", "href": "https://www.tenable.com/plugins/nessus/74089", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74089);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2014-0913\");\n script_bugtraq_id(67297);\n\n script_name(english:\"IBM Domino 8.5.3 FP6 / 9.0.1 < 8.5.3 FP6 IF2 / 9.0.1 FP1 iNotes XSS\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote server is affected by a cross-site scripting vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of IBM Domino (formerly IBM Lotus\nDomino) on the remote host is 8.5.3 Fix Pack 6 (FP6) prior to 8.5.3\nFix Pack 6 (FP6) Interim Fix 2 (IF2) or 9.0.1 prior to 9.0.1 Fix Pack\n1 (FP1), and thus is affected by an unspecified error that could allow\ncross-site scripting (XSS) attacks.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21671981\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21663874\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg24037141\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to IBM Domino 8.5.3 FP6 IF2 / 9.0.1 FP1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:domino\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:inotes\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"domino_installed.nasl\");\n script_require_keys(\"Domino/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\napp_name = \"IBM Domino\";\nver = get_kb_item_or_exit(\"Domino/Version\");\nport = get_kb_item(\"Domino/Version_provided_by_port\");\nif (!port) port = 0;\nversion = NULL;\nfix = NULL;\nfix_ver = NULL;\nfix_pack = NULL;\nhotfix = NULL;\n\n# Ensure sufficient granularity\nif (ver !~ \"^(\\d+\\.){1,}\\d+.*$\") audit(AUDIT_VER_NOT_GRANULAR, app_name, port, ver);\n\n# Check for 9.0.1 versions\nif (ver =~ \"^9\\.0\\.1($|[^0-9])\")\n{\n fix = \"9.0.1 FP1\";\n fix_ver = \"9.0.1\";\n fix_pack = 1;\n hotfix = 0;\n}\n# Check for 8.5.3 versions\nelse if (ver =~ \"^8\\.5\\.3($|[^0-9])\")\n{\n fix = \"8.5.3 FP6 IF2\";\n fix_ver = \"8.5.3\";\n fix_pack = 6;\n hotfix = 82;\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, app_name, port, ver);\n\n# Breakdown the version into components.\nversion = eregmatch(string:ver, pattern:\"^((?:\\d+\\.){1,}\\d+)(?: FP(\\d+))?(?: HF(\\d+))?$\");\nif (isnull(version)) audit(AUDIT_UNKNOWN_APP_VER, app_name);\n\n# Use 0 as a placeholder if no FP or HF. Version number itself was\n# checked for in the granularity check.\nif (!version[2]) version[2] = 0;\nelse version[2] = int(version[2]);\nif (!version[3]) version[3] = 0;\nelse version[3] = int(version[3]);\n\n# Compare current to fix and report as needed.\nif (\n (\n # 9.x only check FP\n fix_ver =~ \"^9\" &&\n (ver_compare(ver:version[1], fix:fix_ver, strict:FALSE) == 0 && version[2] < fix_pack)\n ) ||\n (\n # 8.x only check IF if FP == 6\n fix_ver =~ \"^8\" &&\n (ver_compare(ver:version[1], fix:fix_ver, strict:FALSE) == 0 && version[2] == fix_pack && version[3] < hotfix)\n )\n)\n{\n set_kb_item(name:'www/'+port+'/XSS', value:TRUE);\n if (report_verbosity > 0)\n {\n report =\n '\\n' +\n '\\n Installed version : ' + ver +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, app_name, port, ver);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-18T14:30:32", "description": "The remote host has a version of IBM Domino (formerly Lotus Domino) 8.5.3 Fix Pack 6 (FP6) Interim Fix 2 (IF2) or 9.0.1 prior to 9.0.1 Fix Pack 1 (FP1), and thus is affected by an unspecified error related to the iNotes component that could allow cross-site (XSS) scripting attacks.", "cvss3": {}, "published": "2014-05-19T00:00:00", "type": "nessus", "title": "IBM Domino 8.5.3 FP6 / 9.0.1 < 8.5.3 FP6 IF2 / 9.0.1 FP1 iNotes XSS (credentialed check)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0913"], "modified": "2018-07-14T00:00:00", "cpe": ["cpe:/a:ibm:domino", "cpe:/a:ibm:inotes"], "id": "LOTUS_DOMINO_INOTES_XSS.NASL", "href": "https://www.tenable.com/plugins/nessus/74090", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74090);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/07/14 1:59:37\");\n\n script_cve_id(\"CVE-2014-0913\");\n script_bugtraq_id(67297);\n\n script_name(english:\"IBM Domino 8.5.3 FP6 / 9.0.1 < 8.5.3 FP6 IF2 / 9.0.1 FP1 iNotes XSS (credentialed check)\");\n script_summary(english:\"Checks version of ninotes.dll\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has software installed that is affected by a\ncross-site scripting vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host has a version of IBM Domino (formerly Lotus Domino)\n8.5.3 Fix Pack 6 (FP6) Interim Fix 2 (IF2) or 9.0.1 prior to 9.0.1 Fix\nPack 1 (FP1), and thus is affected by an unspecified error related to\nthe iNotes component that could allow cross-site (XSS) scripting\nattacks.\");\n # Advisory\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21671981\");\n # Patch\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21663874\");\n # Patch\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg24037141\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to IBM Domino 8.5.3 FP6 IF2 / 9.0.1 FP1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:domino\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:inotes\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"lotus_domino_installed.nasl\");\n script_require_keys(\"SMB/Domino/Installed\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"misc_func.inc\");\n\nappname = \"IBM Domino\";\nkb_base = \"SMB/Domino/\";\n\nversion = get_kb_item_or_exit(kb_base + 'Version');\npath = get_kb_item_or_exit(kb_base + 'Path');\n\nif (\n version !~ \"^8\\.5\\.36($|[^0-9])\" &&\n version !~ \"^9\\.0\\.10($|[^0-9])\"\n) audit(AUDIT_NOT_INST, appname + \" 8.5.36 / 9.0.10\");\n\ndll = \"nnotes.dll\";\ntemp_path = path + \"\\\" + dll;\n\ndll_ver = hotfix_get_fversion(path:temp_path);\nerr_res = hotfix_handle_error(\n error_code : dll_ver['error'],\n file : temp_path,\n appname : appname,\n exit_on_fail : TRUE\n);\nhotfix_check_fversion_end();\n\ndll_version = join(dll_ver['value'], sep:\".\");\n\nif (\n (\n # 8\n dll_version =~ \"^8\\.\" &&\n ver_compare(ver:dll_version, fix:'8.5.36.14105', strict:FALSE) < 0\n ) ||\n (\n # 9\n dll_version =~ \"^9\\.\" &&\n ver_compare(ver:dll_version, fix:'9.0.11.14093', strict:FALSE) < 0\n )\n)\n{\n port = kb_smb_transport();\n set_kb_item(name:'www/'+port+'/XSS', value:TRUE);\n if (report_verbosity > 0)\n {\n report =\n '\\n File : ' + temp_path +\n '\\n Installed version : ' + dll_version +\n '\\n Fixed version : 8.5.36.14105 / 9.0.11.14093' +\n '\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n exit(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, dll, dll_version, path);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}]}