Lucene search
Copyright (C) 2017 Greenbone AGOPENVAS:1361412562310810733HistoryApr 07, 2017 - 12:00 a.m.
IBM WebSphere Portal Access Control Bypass Vulnerability (swg22000152)
2017-04-0700:00:00
Copyright (C) 2017 Greenbone AG
plugins.openvas.org
12
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
6.6 Medium
AI Score
Confidence
Low
0.004 Low
EPSS
Percentile
74.0%
IBM Websphere Portal is prone to access control bypass vulnerability.
# SPDX-FileCopyrightText: 2017 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:ibm:websphere_portal";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.810733");
script_version("2024-02-26T14:36:40+0000");
script_cve_id("CVE-2015-4997");
script_tag(name:"cvss_base", value:"6.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_tag(name:"last_modification", value:"2024-02-26 14:36:40 +0000 (Mon, 26 Feb 2024)");
script_tag(name:"creation_date", value:"2017-04-07 17:09:57 +0530 (Fri, 07 Apr 2017)");
script_tag(name:"qod_type", value:"remote_banner");
script_name("IBM WebSphere Portal Access Control Bypass Vulnerability (swg22000152)");
script_tag(name:"summary", value:"IBM Websphere Portal is prone to access control bypass vulnerability.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"The flaw is due to an improper validation
of access control. By sending specially crafted requests, an attacker could
exploit this vulnerability to bypass security and gain unauthorized access
to the vulnerable system or other systems.");
script_tag(name:"impact", value:"Successful exploitation will allow a remote
attacker to bypass access control restrictions and gain access to the target
system.");
script_tag(name:"affected", value:"IBM WebSphere Portal 8.5.0 before Cumulative Fix 08 (CF08)");
script_tag(name:"solution", value:"Upgrade to IBM WebSphere Portal
8.5.0 with Cumulative Fix 08 (CF08) later.");
script_tag(name:"solution_type", value:"VendorFix");
script_xref(name:"URL", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21968474");
script_xref(name:"URL", value:"http://www.securitytracker.com/id/1033982");
script_xref(name:"URL", value:"http://www-01.ibm.com/support/docview.wss?uid=swg1PI47694");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2017 Greenbone AG");
script_family("Web application abuses");
script_dependencies("gb_ibm_websphere_portal_detect.nasl");
script_mandatory_keys("ibm_websphere_portal/installed");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
if(!webPort = get_app_port(cpe:CPE)){
exit(0);
}
if(!webVer = get_app_version(cpe:CPE, port:webPort)){
exit(0);
}
if(webVer =~ "^8\.5\.0")
{
if(version_is_less(version:webVer, test_version:"8.5.0.0.8"))
{
report = report_fixed_ver(installed_version:webVer, fixed_version:"8.5.0 Cumulative Fix 08 (CF08) or later");
security_message(data:report, port:webPort);
exit(0);
}
}
Related
prion
prion
Cross site request forgery (csrf)
2015-10-29 11:59:00
nvd
nvd
CVE-2015-4997
2015-10-29 11:59:06
cve
cve
CVE-2015-4997
2015-10-29 11:59:06
cvelist
cvelist
CVE-2015-4997
2015-10-29 10:00:00
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
6.6 Medium
AI Score
Confidence
Low
0.004 Low
EPSS
Percentile
74.0%
Related for OPENVAS:1361412562310810733