IBM WebSphere Application Server 7.0 < / 8.0 < / 8.5 < / 9.0 < Unspecified XSS (PI82078)

Medium Nessus Plugin ID 102199


The remote web application server is affected by a cross-site scripting vulnerability.


The version of IBM WebSphere Application Server running on the remote host is 7.0 prior to, 8.0 prior to, 8.5 prior to, or 9.0 prior to It is, therefore, affected by a cross-site scripting flaw because the Admin Console does not validate unspecified input before returning it to users. This may allow a remote attacker to create a specially crafted request that will execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.


Apply IBM WebSphere Application Server version 7.0 Fix Pack 45 ( (targeted availability 2Q 2018) / 8.0 Fix Pack 14 ( (targeted availability 16 October 2017) / 8.5 Fix Pack 12 ( / 9.0 Fix Pack 5 ( (targeted availability 29 September 2017) or later. Alternatively, apply the appropriate Interim Fix PI82078 as recommended in the vendor advisory.

Plugin Details

Severity: Medium

ID: 102199

File Name: websphere_cve-2017-1380.nasl

Version: $Revision: 1.3 $

Type: remote

Family: Web Servers

Published: 2017/08/04

Modified: 2018/02/15

Dependencies: 57034

Risk Information

Risk Factor: Medium


CVSS v2

Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND


CVSS v3.0

Base Score: 5.4

Temporal Score: 5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:X

Vulnerability Information

CPE: cpe:/a:ibm:websphere_application_server

Required KB Items: www/WebSphere, Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2017/07/20

Vulnerability Publication Date: 2017/07/20

Reference Information

CVE: CVE-2017-1380

BID: 99961

OSVDB: 161854