IBM WebSphere Portal 8.5.0 < 8.5.0 CF14 / 9.0.0 < 9.0.0 CF14 Multiple Vulnerabilities

high Nessus Plugin ID 99236

Synopsis

The web portal software installed on the remote Windows host is affected by multiple vulnerabilities.

Description

The version of IBM WebSphere Portal installed on the remote Windows host is 8.5.0 prior to 8.5.0.0 CF14 or 9.0.0 prior to CF14. It is, therefore, affected by multiple vulnerabilities :

- Multiple cross-site scripting (XSS) vulnerabilities exist in the web UI due to improper validation of user-supplied input before returning it to users. An unauthenticated, remote attacker can exploit these, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2017-1120, CVE-2017-1217)

- A cross-site redirection vulnerability exists due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, by convincing a user to follow a specially crafted link, to redirect the unsuspecting user from an intended trusted website to an arbitrary website of the attacker's choosing, which then can be used to conduct further attacks. (CVE-2017-1156)

- A use-after-free error exists in the Outside In Filters subcomponent when handling PageHeight and PageWidth values in VSDX files. An unauthenticated, remote attacker can exploit this to deference already freed memory, resulting in the execution of arbitrary code.
(CVE-2017-3266)

- Multiple unspecified flaws exist in the Outside In Filters subcomponent that allow an unauthenticated, remote attacker to cause a denial of service condition.
(CVE-2017-3267, CVE-2017-3268, CVE-2017-3270)

- Multiple unspecified flaws exist in the Outside In Filters subcomponent that allow an unauthenticated, remote attacker to impact confidentiality, integrity, and availability. (CVE-2017-3269, CVE-2017-3271, CVE-2017-3293)

- A denial of service vulnerability exists in the Outside In Filters subcomponent, specifically in the Content Access functionality within the vspdf.dll library, when parsing the /Pages key in a Catalog Dictionary. An unauthenticated, remote attacker can exploit this, via a specially crafted PDF file, to crash an application linked to the library. (CVE-2017-3294)

- A denial of service vulnerability exists in the Outside In Filters subcomponent, specifically in the Content Access functionality within the vspdf.dll library, when parsing the /Matrix entry in a /CalRGB element within a PDF file. An unauthenticated, remote attacker can exploit this, via a specially crafted PDF file that triggers an invalid read, to crash an application linked to the library. (CVE-2017-3295)

Solution

Upgrade to IBM WebSphere Portal version 8.5.0 CF14 / 9.0.0 CF14 or later.

See Also

http://www-01.ibm.com/support/docview.wss?uid=swg24037786#CF14

http://www-01.ibm.com/support/docview.wss?uid=swg22000152

http://www-01.ibm.com/support/docview.wss?uid=swg22000153

http://www-01.ibm.com/support/docview.wss?uid=swg22001394

http://www-01.ibm.com/support/docview.wss?uid=swg22004348

Plugin Details

Severity: High

ID: 99236

File Name: websphere_portal_cve-2017-1120.nasl

Version: 1.6

Type: local

Agent: windows

Family: Windows

Published: 7/3/2017

Updated: 11/12/2019

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2017-3293

CVSS v3

Risk Factor: High

Base Score: 8.6

Temporal Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:websphere_portal

Required KB Items: installed_sw/IBM WebSphere Portal

Exploit Ease: No known exploits are available

Patch Publication Date: 6/27/2017

Vulnerability Publication Date: 1/17/2017

Reference Information

CVE: CVE-2017-1120, CVE-2017-1156, CVE-2017-1217, CVE-2017-3266, CVE-2017-3267, CVE-2017-3268, CVE-2017-3269, CVE-2017-3270, CVE-2017-3271, CVE-2017-3293, CVE-2017-3294, CVE-2017-3295

BID: 98340, 99350, 95507, 95513, 95522, 95524, 95529, 95532, 95534, 95536, 95539, 97075