Lucene search
This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.IBM_CLM_406.NASLHistoryMar 11, 2014 - 12:00 a.m.
IBM Rational Collaborative Lifecycle Management Products Unspecified Remote Code Execution
2014-03-1100:00:00
This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
www.tenable.com
28
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
0.013
Percentile
86.2%
The version of at least one IBM Rational Collaborative Lifecycle Management component installed on the remote Windows host is 3.x prior to 3.0.1.6 iFix2 or 4.x prior to 4.0.6. It is, therefore, potentially affected by an unspecified remote code execution vulnerability in the Jazz Team Server.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(72929);
script_version("1.4");
script_cvs_date("Date: 2018/07/12 19:01:17");
script_cve_id("CVE-2014-0862");
script_bugtraq_id(65900);
script_name(english:"IBM Rational Collaborative Lifecycle Management Products Unspecified Remote Code Execution");
script_summary(english:"Checks version of IBM CLM components");
script_set_attribute(attribute:"synopsis", value:
"The remote Windows host has an application installed that is affected
by a remote code execution vulnerability.");
script_set_attribute(attribute:"description", value:
"The version of at least one IBM Rational Collaborative Lifecycle
Management component installed on the remote Windows host is 3.x prior
to 3.0.1.6 iFix2 or 4.x prior to 4.0.6. It is, therefore, potentially
affected by an unspecified remote code execution vulnerability in the
Jazz Team Server.");
script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21664566");
script_set_attribute(attribute:"solution", value:"Upgrade to IBM CLM 3.0.1.6 iFix2 / 4.0.6 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2014/02/28");
script_set_attribute(attribute:"patch_publication_date", value:"2014/02/28");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/03/11");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:rational_collaborative_lifecycle_management");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");
script_dependencies("ibm_collaborative_lifecycle_management_installed.nbin");
script_require_keys("SMB/IBM CLM/Path");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
paths = get_kb_list_or_exit("SMB/IBM CLM/Path");
paths = list_uniq(make_list(paths));
foreach path (paths)
{
products = get_kb_list("SMB/IBM CLM/"+path+"/Components/*");
if (products)
{
foreach product (keys(products))
{
version = products[product];
product = product - ("SMB/IBM CLM/" + path + "/Components/");
if (
(
'Required Base License Keys' >!< product &&
'Trial keys for' >!< product
) &&
(
'Quality Management' >< product ||
'Requirements Management' >< product ||
'Change and Configuration Management' >< product ||
('Jazz Team Server and' >< product && ('CCM' >< product || 'QM' >< product || 'RM' >< product))
)
)
{
if (version =~ '^3\\.0\\.')
{
matches = eregmatch(pattern:'^([0-9\\.]+)( iFix ([0-9]+))?', string:version);
if (matches)
{
ver = matches[1];
if (max_index(matches) > 3)
ifix = int(matches[3]);
else
ifix = 0;
if (
(ver_compare(ver:ver, fix:'3.0.1.6') < 0) ||
(ver_compare(ver:ver, fix:'3.0.1.6') == 0 && ifix < 2)
)
{
info +=
'\n Path : ' + path +
'\n Component : ' + product +
'\n Installed version : ' + version +
'\n Fixed version : 3.0.1.6 iFix 2\n';
}
}
}
else if (version =~ '^4\\.0\\.')
{
if (ver_compare(ver:version, fix:'4.0.6') < 0)
{
info +=
'\n Path : ' + path +
'\n Component : ' + product +
'\n Installed version : ' + version +
'\n Fixed version : 4.0.6\n';
}
}
}
}
}
}
if (info)
{
port = get_kb_item("SMB/transport");
if (!port) port = 445;
if (report_verbosity > 0) security_hole(port:port, extra:info);
else security_hole(port);
exit(0);
}
audit(AUDIT_INST_VER_NOT_VULN, 'IBM Collaborative Lifecycle Management Application');
Related
seebug
seebug
IBM Rational Quality Manager Jazz Team Server未明远程代码执行漏洞
2014-03-03 00:00:00
IBM Collaborative Lifecycle Management Applications远程代码执行漏洞
2014-03-20 00:00:00
cvelist
cvelist
CVE-2014-0862
2014-03-02 02:00:00
ibm
ibm
prion
prion
Code injection
2014-03-02 04:57:00
nvd
nvd
CVE-2014-0862
2014-03-02 04:57:25
cve
cve
CVE-2014-0862
2014-03-02 04:57:25
openvas
openvas
Mageia: Security Advisory (MGASA-2015-0240)
2022-01-28 00:00:00
mageia
mageia
Updated rabbitmq-server packages fix security vulnerabilities
2015-06-09 00:17:51
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
0.013
Percentile
86.2%
Related for IBM_CLM_406.NASL