Vulnerabilities > CVE-2014-3054 - Open Redirection vulnerability in IBM products
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
NONE Summary
Multiple open redirect vulnerabilities in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. <a href="http://cwe.mitre.org/data/definitions/601.html" target="_blank">CWE-601: URL Redirection to Untrusted Site ('Open Redirect')</a>
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 44 |
Nessus
NASL family CGI abuses NASL id WEBSPHERE_PORTAL_SWG21677032.NASL description The version of IBM WebSphere Portal on the remote host is affected by multiple vulnerabilities in the Unified Task List (UTL) portlet : - An unspecified open redirect vulnerability exists that allows a remote attacker to perform a phishing attack by enticing a user to click a malicious URL. (CVE-2014-3054) - A SQL injection vulnerability exists that allows a remote attacker who is a trusted user to manipulate or inject SQL queries into the back-end database. (CVE-2014-3055) - An information disclosure vulnerability exists that allows remote attackers to view environment variables and certain JAR files along with the versions. (CVE-2014-3056) - A cross-site scripting vulnerability exists that allows a remote attacker to execute arbitrary code in a user last seen 2020-06-01 modified 2020-06-02 plugin id 77541 published 2014-09-05 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/77541 title IBM WebSphere Portal 8.0.0.x Unified Task List Portlet Multiple Vulnerabilities (PI18909) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(77541); script_version("1.6"); script_cvs_date("Date: 2018/08/06 14:03:14"); script_cve_id( "CVE-2014-3054", "CVE-2014-3055", "CVE-2014-3056", "CVE-2014-3057" ); script_bugtraq_id(68924, 68925, 68928, 68929); script_name(english:"IBM WebSphere Portal 8.0.0.x Unified Task List Portlet Multiple Vulnerabilities (PI18909)"); script_summary(english:"Checks for an installed patch."); script_set_attribute(attribute:"synopsis", value: "The remote Windows host has web portal software installed that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of IBM WebSphere Portal on the remote host is affected by multiple vulnerabilities in the Unified Task List (UTL) portlet : - An unspecified open redirect vulnerability exists that allows a remote attacker to perform a phishing attack by enticing a user to click a malicious URL. (CVE-2014-3054) - A SQL injection vulnerability exists that allows a remote attacker who is a trusted user to manipulate or inject SQL queries into the back-end database. (CVE-2014-3055) - An information disclosure vulnerability exists that allows remote attackers to view environment variables and certain JAR files along with the versions. (CVE-2014-3056) - A cross-site scripting vulnerability exists that allows a remote attacker to execute arbitrary code in a user's browser. (CVE-2014-3057)"); script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21677032"); # https://www.ibm.com/blogs/psirt/ibm-security-bulletin-fixes-available-for-security-vulnerabilities-in-ibm-websphere-portal-related-to-unified-task-list-utl-portlet-cve-2014-3054-cve-2014-3055-cve-2014-3056-cve-2014-3057/ script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?77124e50"); script_set_attribute(attribute:"solution", value: "Upgrade to 8.0.0.1 CF12 (PI14791) and then apply Interim Fix PI18909 or 8.0.0.1 CF13 (PI17735) or apply the workaround. Refer to IBM's advisory for more information."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990); script_set_attribute(attribute:"vuln_publication_date", value:"2014/06/30"); script_set_attribute(attribute:"patch_publication_date", value:"2014/07/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/09/05"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_portal"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CGI abuses"); script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc."); script_dependencies("websphere_portal_installed.nbin"); script_require_keys("installed_sw/IBM WebSphere Portal"); script_require_ports(139, 445); exit(0); } include("websphere_portal_version.inc"); portlets = make_array(); paa = "Unified Task List (UTL)"; portlets[paa]["Cell File"] = "\PA_WPF.ear\unifiedtasklist.war\utl-version.properties"; portlets[paa]["WP Ranges"] = make_list("8.0.0.0, 8.0.0.1"); websphere_portal_check_version( ranges:make_list("8.0.0.0, 8.0.0.1, CF12"), fix:"PI14791", portlets:portlets, req_vuln_portlets:make_list(paa), severity:SECURITY_HOLE, sqli:TRUE, xss: TRUE );
NASL family Windows NASL id WEBSPHERE_PORTAL_UTL_PORTLET_SWG21677032.NASL description The version of IBM WebSphere Portal on the remote host is affected by multiple vulnerabilities in the Unified Task List (UTL) portlet : - An unspecified open redirect vulnerability exists that allows a remote attacker to perform a phishing attack by enticing a user to click a malicious URL. (CVE-2014-3054) - A SQL injection vulnerability exists that allows a remote attacker who is a trusted user to manipulate or inject SQL queries into the back-end database. (CVE-2014-3055) - An information disclosure vulnerability exists that allows remote attackers to view environment variables and certain JAR files along with the versions. (CVE-2014-3056) - A cross-site scripting vulnerability exists that allows a remote attacker to execute arbitrary code in a user last seen 2020-06-01 modified 2020-06-02 plugin id 77542 published 2014-09-05 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/77542 title IBM WebSphere Portal 7.0.0.x Unified Task List Portlet < 6.0.1 Multiple Vulnerabilities (PI18909) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(77542); script_version("1.4"); script_cvs_date("Date: 2018/08/06 14:03:16"); script_cve_id( "CVE-2014-3054", "CVE-2014-3055", "CVE-2014-3056", "CVE-2014-3057" ); script_bugtraq_id(68924, 68925, 68928, 68929); script_name(english:"IBM WebSphere Portal 7.0.0.x Unified Task List Portlet < 6.0.1 Multiple Vulnerabilities (PI18909)"); script_summary(english:"Checks for installed portlet."); script_set_attribute(attribute:"synopsis", value: "The remote Windows host has web portal software installed that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of IBM WebSphere Portal on the remote host is affected by multiple vulnerabilities in the Unified Task List (UTL) portlet : - An unspecified open redirect vulnerability exists that allows a remote attacker to perform a phishing attack by enticing a user to click a malicious URL. (CVE-2014-3054) - A SQL injection vulnerability exists that allows a remote attacker who is a trusted user to manipulate or inject SQL queries into the back-end database. (CVE-2014-3055) - An information disclosure vulnerability exists that allows remote attackers to view environment variables and certain JAR files along with the versions. (CVE-2014-3056) - A cross-site scripting vulnerability exists that allows a remote attacker to execute arbitrary code in a user's browser. (CVE-2014-3057)"); script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21677032"); # https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_fixes_available_for_security_vulnerabilities_in_ibm_websphere_portal_related_to_unified_task_list_utl_portlet_cve_2014_3054_cve_2014_3055_cve_2014_3056_cve_2014_3057?lang=en_us script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?cc07a8d4"); script_set_attribute(attribute:"solution", value: "Upgrade to Unified Task List portlet 6.0.1 or later. Refer to IBM's advisory for more information."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990); script_set_attribute(attribute:"vuln_publication_date", value:"2014/06/30"); script_set_attribute(attribute:"patch_publication_date", value:"2014/07/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/09/05"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_portal"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc."); script_dependencies("websphere_portal_installed.nbin"); script_require_keys("installed_sw/IBM WebSphere Portal"); script_require_ports(139, 445); exit(0); } include("websphere_portal_version.inc"); paa_ver = UNKNOWN_VER; paa_fix = "6.0.1"; paa = "Unified Task List"; portlets[paa]["Fixed Version"] = "6.0.1"; portlets[paa]["File"] = "\..\paa\unifiedtasklist\components\unifiedtasklist\version\checklists.common.component"; portlets[paa]["Version Regex"] = 'spec-version="([0-9\\.]+)"\\s*/>'; portlets[paa]["WP Ranges"] = make_list("7.0.0.0, 7.0.0.2"); websphere_portal_check_version( portlets:portlets, severity:SECURITY_HOLE, xss :TRUE, sqli :TRUE );