Synopsis
The web portal software installed on the remote Windows host is affected by multiple vulnerabilities.
Description
The version of IBM WebSphere Portal installed on the remote Windows host is 8.5.0 prior to 8.5.0.0 CF14 or 9.0.0 prior to CF14. It is, therefore, affected by multiple vulnerabilities :
- Multiple cross-site scripting (XSS) vulnerabilities exist in the web UI due to improper validation of user-supplied input before returning it to users. An unauthenticated, remote attacker can exploit these, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2017-1120, CVE-2017-1217)
- A cross-site redirection vulnerability exists due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, by convincing a user to follow a specially crafted link, to redirect the unsuspecting user from an intended trusted website to an arbitrary website of the attacker's choosing, which then can be used to conduct further attacks. (CVE-2017-1156)
- A use-after-free error exists in the Outside In Filters subcomponent when handling PageHeight and PageWidth values in VSDX files. An unauthenticated, remote attacker can exploit this to deference already freed memory, resulting in the execution of arbitrary code.
(CVE-2017-3266)
- Multiple unspecified flaws exist in the Outside In Filters subcomponent that allow an unauthenticated, remote attacker to cause a denial of service condition.
(CVE-2017-3267, CVE-2017-3268, CVE-2017-3270)
- Multiple unspecified flaws exist in the Outside In Filters subcomponent that allow an unauthenticated, remote attacker to impact confidentiality, integrity, and availability. (CVE-2017-3269, CVE-2017-3271, CVE-2017-3293)
- A denial of service vulnerability exists in the Outside In Filters subcomponent, specifically in the Content Access functionality within the vspdf.dll library, when parsing the /Pages key in a Catalog Dictionary. An unauthenticated, remote attacker can exploit this, via a specially crafted PDF file, to crash an application linked to the library. (CVE-2017-3294)
- A denial of service vulnerability exists in the Outside In Filters subcomponent, specifically in the Content Access functionality within the vspdf.dll library, when parsing the /Matrix entry in a /CalRGB element within a PDF file. An unauthenticated, remote attacker can exploit this, via a specially crafted PDF file that triggers an invalid read, to crash an application linked to the library. (CVE-2017-3295)
Solution
Upgrade to IBM WebSphere Portal version 8.5.0 CF14 / 9.0.0 CF14 or later.
Plugin Details
File Name: websphere_portal_cve-2017-1120.nasl
Agent: windows
Supported Sensors: Nessus Agent, Nessus
Risk Information
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:ibm:websphere_portal
Required KB Items: installed_sw/IBM WebSphere Portal
Exploit Ease: No known exploits are available
Patch Publication Date: 6/27/2017
Vulnerability Publication Date: 1/17/2017
Reference Information
CVE: CVE-2017-1120, CVE-2017-1156, CVE-2017-1217, CVE-2017-3266, CVE-2017-3267, CVE-2017-3268, CVE-2017-3269, CVE-2017-3270, CVE-2017-3271, CVE-2017-3293, CVE-2017-3294, CVE-2017-3295
BID: 98340, 99350, 95507, 95513, 95522, 95524, 95529, 95532, 95534, 95536, 95539, 97075