4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
47.5%
The IBM WebSphere Portal installed on the remote host is version 6.1.0.x prior to 6.1.0.6 CF27, 6.1.5.x prior to 6.1.5.3 CF27, 7.0.0.x prior to 7.0.0.2 CF30, 8.0.0.x prior to 8.0.0.1 CF22, and is therefore affected by a cross-site scripting (XSS) vulnerability.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(102996);
script_version("1.5");
script_cvs_date("Date: 2019/11/12");
script_cve_id("CVE-2017-1189");
script_name(english:"IBM WebSphere Portal XSS (swg22008028)");
script_summary(english:"Checks for the install patches.");
script_set_attribute(attribute:"synopsis", value:
"The web portal software installed on the remote Windows host is
affected by a cross-site scripting vulnerability.");
script_set_attribute(attribute:"description", value:
"The IBM WebSphere Portal installed on the remote host is version
6.1.0.x prior to 6.1.0.6 CF27, 6.1.5.x prior to 6.1.5.3 CF27,
7.0.0.x prior to 7.0.0.2 CF30, 8.0.0.x prior to 8.0.0.1 CF22, and
is therefore affected by a cross-site scripting (XSS) vulnerability.");
script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg22008028");
script_set_attribute(attribute:"solution", value:
"Apply the appropriate fixes per the vendor advisory.
- For 6.1.0.x, upgrade to version 6.1.0.6 CF27 and apply
interim fix PI78908.
- For 6.1.5.x, upgrade to version 6.1.5.3 CF27 and apply
interim fix PI78908.
- For 7.0.0.x, upgrade to version 7.0.0.2 CF30 and apply
interim fix PI78908.
- For 8.0.0.x, upgrade to version 8.0.0.1 CF22 and apply
interim fix PI78908.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-1189");
script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2017/09/06");
script_set_attribute(attribute:"patch_publication_date", value:"2017/09/06");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/09/07");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_portal");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses : XSS");
script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("websphere_portal_installed.nbin");
script_require_keys("installed_sw/IBM WebSphere Portal");
exit(0);
}
include("websphere_portal_version.inc");
websphere_portal_check_version(
checks:make_array(
"8.0.0.0, 8.0.0.1, CF22", make_list("PI78908"),
"7.0.0.0, 7.0.0.2, CF30", make_list('PI78908'),
"6.1.5.0, 6.1.5.3, CF27", make_list('PI78908'),
"6.1.0.0, 6.1.0.6, CF27", make_list('PI78908')
),
severity:SECURITY_WARNING,
xss: TRUE
);
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | websphere_portal | cpe:/a:ibm:websphere_portal |
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
47.5%