This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.

The remote Windows host has web portal software installed that is
affected by multiple vulnerabilities.

The version of IBM WebSphere Portal on the remote host is affected by
multiple vulnerabilities in the Unified Task List (UTL) portlet :

- An unspecified open redirect vulnerability exists that
  allows a remote attacker to perform a phishing attack
  by enticing a user to click a malicious URL.
- A SQL injection vulnerability exists that allows a
  remote attacker who is a trusted user to manipulate or
  inject SQL queries into the back-end database.
- An information disclosure vulnerability exists that
  allows remote attackers to view environment variables
  and certain JAR files along with the versions.
- A cross-site scripting vulnerability exists that allows
  a remote attacker to execute arbitrary code in a user's

See also :
Upgrade to Unified Task List portlet 6.0.1 or later. Refer to IBM's
advisory for more information.
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.5
Public Exploit Available : true