This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.WEBSPHERE_PORTAL_SWG21976358.NASLIBM WebSphere Portal Multiple Vulnerabilities (swg21976358)
5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
7.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
0.002 Low
EPSS
Percentile
55.5%
The IBM WebSphere Portal installed on the remote host is version 6.1.0.x prior to 6.1.0.6 CF27 with patches, 6.1.5.x prior to 6.1.5.3 CF27 with patches, 7.0.0.x prior to 7.0.0.2 CF29 with patches, 8.0.0.x prior to 8.0.0.1 CF20, or 8.5.0.0 prior to 8.5.0.0 CF09 with patches.
It is, therefore, affected by multiple vulnerabilities :
-
An open redirect vulnerability exists due to improper validation of input before returning it to the user. An attacker can exploit this, via a specially crafted link, to redirect a victim to an arbitrary website.
(CVE-2015-7428) -
A security bypass vulnerability exists due to insecure permissions. A remote attacker can exploit this to make changes to content items. (CVE-2015-7455)
-
Multiple unspecified cross-site scripting vulnerabilities exist due to improper validation of user-supplied input. A remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a userβs browser session. (CVE-2015-7457, CVE-2015-7491, CVE-2016-0243, CVE-2016-0244)
-
An XML External Entity (XXE) injection vulnerability exists due to an incorrectly configured XML parser accepting XML external entities from an untrusted source. A remote attacker can exploit this, via specially crafted XML data, to cause a denial of service condition or to disclose sensitive information.
(CVE-2016-0245)
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(89689);
script_version("1.7");
script_cvs_date("Date: 2019/11/20");
script_cve_id(
"CVE-2015-7428",
"CVE-2015-7455",
"CVE-2015-7457",
"CVE-2015-7491",
"CVE-2016-0243",
"CVE-2016-0244",
"CVE-2016-0245"
);
script_name(english:"IBM WebSphere Portal Multiple Vulnerabilities (swg21976358)");
script_summary(english:"Checks for the install patches.");
script_set_attribute(attribute:"synopsis", value:
"The web portal software installed on the remote Windows host is
affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The IBM WebSphere Portal installed on the remote host is version
6.1.0.x prior to 6.1.0.6 CF27 with patches, 6.1.5.x prior to 6.1.5.3
CF27 with patches, 7.0.0.x prior to 7.0.0.2 CF29 with patches, 8.0.0.x
prior to 8.0.0.1 CF20, or 8.5.0.0 prior to 8.5.0.0 CF09 with patches.
It is, therefore, affected by multiple vulnerabilities :
- An open redirect vulnerability exists due to improper
validation of input before returning it to the user. An
attacker can exploit this, via a specially crafted link,
to redirect a victim to an arbitrary website.
(CVE-2015-7428)
- A security bypass vulnerability exists due to insecure
permissions. A remote attacker can exploit this to make
changes to content items. (CVE-2015-7455)
- Multiple unspecified cross-site scripting
vulnerabilities exist due to improper validation of
user-supplied input. A remote attacker can exploit this,
via a specially crafted request, to execute arbitrary
script code in a user's browser session. (CVE-2015-7457,
CVE-2015-7491, CVE-2016-0243, CVE-2016-0244)
- An XML External Entity (XXE) injection vulnerability
exists due to an incorrectly configured XML parser
accepting XML external entities from an untrusted
source. A remote attacker can exploit this, via
specially crafted XML data, to cause a denial of service
condition or to disclose sensitive information.
(CVE-2016-0245)");
script_set_attribute(attribute:"see_also", value:"https://www-01.ibm.com/support/docview.wss?uid=swg21976358");
script_set_attribute(attribute:"solution", value:
"Apply the appropriate fixes per the vendor advisory.
- For 6.1.0.x, upgrade to version 6.1.0.6 CF27 and apply
interim fixes PI54088 and PI55327.
- For 6.1.5.x, upgrade to version 6.1.5.3 CF27 and apply
interim fixes PI54088 and PI55327.
- For 7.0.0.x, upgrade to version 7.0.0.2 CF29 and apply
interim fixes PI51234, PI55327, and PI54088.
- For 8.0.0.x, upgrade to version 8.0.0.1 CF20.
- For 8.5.0.x, upgrade to version 8.5.0 CF09 and apply
interim fix PI56682.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-7428");
script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2016/02/29");
script_set_attribute(attribute:"patch_publication_date", value:"2016/02/29");
script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/04");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_portal");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses");
script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("websphere_portal_installed.nbin");
script_require_keys("installed_sw/IBM WebSphere Portal");
exit(0);
}
include("websphere_portal_version.inc");
websphere_portal_check_version(
checks:make_array(
"8.5.0.0, 8.5.0.0, CF00-CF09", make_list('PI56682'),
"8.0.0.0, 8.0.0.1", make_list("CF20"),
"7.0.0.0, 7.0.0.2, CF00-CF29", make_list('PI51234', 'PI54088', 'PI55327'),
"6.1.5.0, 6.1.5.3, CF00-CF27", make_list('PI54088', 'PI55327'),
"6.1.0.0, 6.1.0.6, CF00-CF27", make_list('PI54088', 'PI55327')
),
severity:SECURITY_WARNING,
xss: TRUE
);
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | websphere_portal | cpe:/a:ibm:websphere_portal |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7428
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7455
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7457
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7491
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0243
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0244
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0245
www-01.ibm.com/support/docview.wss?uid=swg21976358
Related
5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
7.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
0.002 Low
EPSS
Percentile
55.5%