IBM WebSphere Portal 8.5.0 < 8.5.0 CF03 Multiple Vulnerabilities

Medium Nessus Plugin ID 78742

Synopsis

The remote Windows host has web portal software installed that is affected by multiple vulnerabilities.

Description

The version of IBM WebSphere Portal installed on the remote host is affected by the multiple vulnerabilities :

- Multiple vulnerabilities exist in the Apache Cordova component, including cross-application scripting, security bypass, and information disclosure.
(CVE-2014-3500, CVE-2014-3501, CVE-2014-3502)

- An information disclosure flaw exists that allows remote authenticated attackers to obtain credentials by reading HTML source code. (CVE-2014-4761)

- An unspecified vulnerability exists that allows an authenticated attacker to execute arbitrary code on the system. (CVE-2014-4808)

- A flaw exists that is caused by improper recursion detection during entity expansion. By tricking a user into opening a specially-crafted XML document, an attacker can cause the system to crash, resulting in a denial of service. (CVE-2014-4814)

- An information disclosure vulnerability exists that allows a remote attacker to identify whether or not a file exists based on the web server error codes.
(CVE-2014-4821)

- A flaw exists in CKEditor in the Preview plugin that allows a cross-site scripting attack. The flaw exists due to 'plugins/preview/preview.html' not properly validating user-supplied input before returning it to users. This allows an attacker to send a specially crafted request designed to steal cookie-based authentication credentials. (CVE-2014-5191)

- A cross-site request forgery vulnerability exists due to improper validation of user-supplied input. By tricking a user into visiting a malicious website, a remote attacker can perform cross-site scripting attacks, web cache poisoning, and other malicious activities. (CVE-2014-6125)

- A cross-site scripting vulnerability exists due to improper validation of user-supplied input. A remote attacker can execute code within a victim's web browser within the context of the hosted site. This can lead to the compromise of the user's cookie-based authentication credentials. (CVE-2014-6126)

- An unspecified cross-site scripting vulnerability exists due to improper validation of user input.
(CVE-2014-4762)

Solution

IBM has published a cumulative fix (CF03) for WebSphere Portal 8.5.0.
Refer to IBM's advisory for more information.

See Also

http://www-01.ibm.com/support/docview.wss?uid=swg21684649

https://www-304.ibm.com/support/docview.wss?uid=swg21684651

http://www.nessus.org/u?2e77e115

http://www.nessus.org/u?60595c5b

https://www-304.ibm.com/support/docview.wss?uid=swg21684650

http://www-01.ibm.com/support/docview.wss?uid=swg21684652

http://www.nessus.org/u?aa26251e

Plugin Details

Severity: Medium

ID: 78742

File Name: websphere_portal_8_5_0_0_cf03.nasl

Version: 1.10

Type: local

Family: CGI abuses

Published: 2014/10/30

Updated: 2018/08/06

Dependencies: 72644

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:websphere_portal

Required KB Items: installed_sw/IBM WebSphere Portal

Exploit Available: false

Exploit Ease: No exploit is required

Patch Publication Date: 2014/10/27

Vulnerability Publication Date: 2014/10/24

Reference Information

CVE: CVE-2014-3500, CVE-2014-3501, CVE-2014-3502, CVE-2014-4761, CVE-2014-4808, CVE-2014-4814, CVE-2014-4821, CVE-2014-5191, CVE-2014-6125, CVE-2014-6126, CVE-2014-6215

BID: 69038, 69041, 69046, 69161, 70322, 70755, 70756, 70757, 70758, 70759, 71728

CWE: 20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990