#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
  # Metadata-only pass: when 'description' is set, the script registers its
  # attributes and exits before any check logic runs.

  # Plugin identity and revision tracking.
  script_id(72645);
  script_version("1.6");
  script_cvs_date("Date: 2018/08/06 14:03:14");

  # Advisory cross-references.
  script_cve_id("CVE-2013-6722");
  script_bugtraq_id(65489);

  script_name(english:"IBM WebSphere Portal Registration/Edit My Profile Portlet Unrestricted Remote File Upload (PI07013)");
  script_summary(english:"Checks for installed patches.");

  # Report text. Continuation lines of the multi-line strings stay at
  # column 0 so that no extra whitespace ends up inside the string values.
  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host has web portal software installed that is
affected by an issue that allows uploading of unrestricted files.");
  script_set_attribute(attribute:"description", value:
"The version of WebSphere Portal on the remote host is affected by an
unrestricted remote file upload vulnerability in the
'Registration/Edit My Profile' portlet. This can potentially lead to
code execution or a denial of service.");

  # Vendor references. The second see_also is a shortened link; the comment
  # below keeps the full PSIRT blog URL next to it.
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21662873");
  # https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_fix_available_for_unrestricted_file_upload_security_vulnerability_in_ibm_websphere_portal_cve_2013_6722?lang=en_us
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?82b5593b");

  # Remediation: the interim fix, or a cumulative fix that contains it.
  script_set_attribute(attribute:"solution", value:
"IBM has published interim fix PI07013. Either apply this fix
individually or as part of combined cumulative fix 7.0.0.2 CF27
(PI07279) or combined cumulative fix 8.0.0.1 CF10 (PI08371). Refer to
IBM's advisory for more information.");

  # Risk scoring (CVSS v2).
  # NOTE(review): the base vector scores partial integrity and availability
  # impact with no confidentiality impact (C:N), while the description text
  # mentions possible code execution -- confirm against the vendor advisory
  # before relying on either for prioritisation.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"false");

  # Disclosure, patch and plugin release dates.
  script_set_attribute(attribute:"vuln_publication_date", value:"2014/02/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/02/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/02/22");

  # Marked as a potential finding: together with the ParanoidReport key
  # required below, this plugin reports only when paranoid reporting is on.
  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_portal");
  script_end_attributes();

  # Scheduling information: category, family, copyright.
  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");
  script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");

  # Depends on the WebSphere Portal detection plugin and on the keys it
  # (and the paranoia setting) are expected to populate.
  script_dependencies("websphere_portal_installed.nbin");
  script_require_keys("installed_sw/IBM WebSphere Portal", "Settings/ParanoidReport");

  exit(0);
}
include("websphere_portal_version.inc");
# The finding applies only when the Registration/Edit My Profile portlet is
# installed, and a workaround is available. What follows is a version / fix
# level comparison only, so the result is a potential finding and is emitted
# only when paranoid reporting is enabled; otherwise the script audits out.
if (report_paranoia < 2)
{
  audit(AUDIT_PARANOID);
}

# Hand the affected ranges and the interim fix id to the shared helper from
# websphere_portal_version.inc.
# NOTE(review): each range string presumably reads "lowest version, highest
# version, cumulative fix level that contains the fix" -- this matches the
# CF27 / CF10 levels named in the solution text, but confirm against the
# helper's definition.
websphere_portal_check_version(
  fix:"PI07013",
  severity:SECURITY_WARNING,
  ranges:make_list(
    "7.0.0.0, 7.0.0.2, CF27",
    "8.0.0.0, 8.0.0.1, CF10"
  )
);