IBM WebSphere Portal 8.5.0 < 8.5.0 CF14 / 9.0.0 < 9.0.0 CF14 Multiple Vulnerabilities

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The web portal software installed on the remote Windows host is
affected by multiple vulnerabilities.

Description :

The version of IBM WebSphere Portal installed on the remote Windows
host is 8.5.0 prior to 8.5.0.0 CF14 or 9.0.0 prior to CF14. It is,
therefore, affected by multiple vulnerabilities :

- Multiple cross-site scripting (XSS) vulnerabilities
exist in the web UI due to improper validation of
user-supplied input before returning it to users. An
unauthenticated, remote attacker can exploit these, via
a specially crafted request, to execute arbitrary script
code in a user's browser session. (CVE-2017-1120,
CVE-2017-1217)

- A cross-site redirection vulnerability exists due to
improper validation of user-supplied input. An
unauthenticated, remote attacker can exploit this, by
convincing a user to follow a specially crafted link,
to redirect the unsuspecting user from an intended
trusted website to an arbitrary website of the
attacker's choosing, which then can be used to conduct
further attacks. (CVE-2017-1156)

- A use-after-free error exists in the Outside In Filters
subcomponent when handling PageHeight and PageWidth
values in VSDX files. An unauthenticated, remote
attacker can exploit this to deference already freed
memory, resulting in the execution of arbitrary code.
(CVE-2017-3266)

- Multiple unspecified flaws exist in the Outside In
Filters subcomponent that allow an unauthenticated,
remote attacker to cause a denial of service condition.
(CVE-2017-3267, CVE-2017-3268, CVE-2017-3270)

- Multiple unspecified flaws exist in the Outside In
Filters subcomponent that allow an unauthenticated,
remote attacker to impact confidentiality, integrity,
and availability. (CVE-2017-3269, CVE-2017-3271,
CVE-2017-3293)

- A denial of service vulnerability exists in the Outside
In Filters subcomponent, specifically in the Content
Access functionality within the vspdf.dll library, when
parsing the /Pages key in a Catalog Dictionary. An
unauthenticated, remote attacker can exploit this, via a
specially crafted PDF file, to crash an application
linked to the library. (CVE-2017-3294)

- A denial of service vulnerability exists in the Outside
In Filters subcomponent, specifically in the Content
Access functionality within the vspdf.dll library, when
parsing the /Matrix entry in a /CalRGB element within a
PDF file. An unauthenticated, remote attacker can
exploit this, via a specially crafted PDF file that
triggers an invalid read, to crash an application linked
to the library. (CVE-2017-3295)

See also :

http://www-01.ibm.com/support/docview.wss?uid=swg24037786#CF14
http://www-01.ibm.com/support/docview.wss?uid=swg22000152
http://www-01.ibm.com/support/docview.wss?uid=swg22000153
http://www-01.ibm.com/support/docview.wss?uid=swg22001394
http://www-01.ibm.com/support/docview.wss?uid=swg22004348

Solution :

Upgrade to IBM WebSphere Portal version 8.5.0 CF14 / 9.0.0 CF14 or
later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.5
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now