Detections
Analytics
IBM WebSphere Portal 8.0.0.x < 8.0.0.1 CF14 Multiple Vulnerabilities
medium Nessus Plugin ID 78741
Language:
Synopsis
The remote Windows host has web portal software installed that is affected by multiple vulnerabilities.Description
The version of IBM WebSphere Portal installed on the remote host is affected by multiple vulnerabilities :- An unspecified information disclosure vulnerability exists which allows a remote attacker to gain access to sensitive information. (CVE-2014-3083)
- An information disclosure vulnerability exists which allows a remote, authenticated attacker to gain access to sensitive information, such as user credentials, through certain HTML pages. (CVE-2014-4761)
- An unspecified cross-site scripting vulnerability exists due to improper validation of user input.
(CVE-2014-4762)
- An unrestricted file upload vulnerability exists which allows a remote, authenticated attacker to upload large files, potentially resulting in a denial of service.
(CVE-2014-4792)
- An unspecified cross-site scripting vulnerability exists due to improper validation of user input.
(CVE-2014-4762)
Solution
IBM has published a cumulative fix (CF14) for WebSphere Portal 8.0.0.1. Refer to IBM's advisory for more information.See Also
https://www-304.ibm.com/support/docview.wss?uid=swg21681998
http://www.nessus.org/u?11287c08
Plugin Details
Severity: Medium
ID: 78741
File Name: websphere_portal_8_0_0_1_cf14.nasl
Version: 1.9
Type: local
Family: CGI abuses
Published: 10/30/2014
Updated: 1/19/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.0
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 3.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N
Vulnerability Information
CPE: cpe:/a:ibm:websphere_portal
Required KB Items: installed_sw/IBM WebSphere Portal
Exploit Ease: No exploit is required
Patch Publication Date: 10/7/2014
Vulnerability Publication Date: 8/19/2014
Reference Information
CVE: CVE-2014-3083, CVE-2014-4761, CVE-2014-4762, CVE-2014-4792, CVE-2014-6215