Vulnerabilities > CVE-2014-3054 - Open Redirection vulnerability in IBM products

047910
CVSS 5.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
NONE
network
ibm
nessus

Summary

Multiple open redirect vulnerabilities in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Weakness class: CWE-601: URL Redirection to Untrusted Site ('Open Redirect') (http://cwe.mitre.org/data/definitions/601.html).

Nessus

  • NASL family: CGI abuses
    NASL id: WEBSPHERE_PORTAL_SWG21677032.NASL
    description: The version of IBM WebSphere Portal on the remote host is affected by multiple vulnerabilities in the Unified Task List (UTL) portlet : - An unspecified open redirect vulnerability exists that allows a remote attacker to perform a phishing attack by enticing a user to click a malicious URL. (CVE-2014-3054) - A SQL injection vulnerability exists that allows a remote attacker who is a trusted user to manipulate or inject SQL queries into the back-end database. (CVE-2014-3055) - An information disclosure vulnerability exists that allows remote attackers to view environment variables and certain JAR files along with the versions. (CVE-2014-3056) - A cross-site scripting vulnerability exists that allows a remote attacker to execute arbitrary code in a user's browser. (CVE-2014-3057)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 77541
    published: 2014-09-05
    reporter: This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/77541
    title: IBM WebSphere Portal 8.0.0.x Unified Task List Portlet Multiple Vulnerabilities (PI18909)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    # Registration block: when `description` is set, only the metadata calls
    # below run and the script leaves through exit(0) before the version check
    # that follows this block.
    if (description)
    {
      script_id(77541);
      script_version("1.6");
      script_cvs_date("Date: 2018/08/06 14:03:14");
    
      # Four CVEs in the UTL portlet are reported together by this one check, so
      # a finding is per installation, not per vulnerability.
      script_cve_id(
        "CVE-2014-3054",
        "CVE-2014-3055",
        "CVE-2014-3056",
        "CVE-2014-3057"
      );
      script_bugtraq_id(68924, 68925, 68928, 68929);
    
      script_name(english:"IBM WebSphere Portal 8.0.0.x Unified Task List Portlet Multiple Vulnerabilities (PI18909)");
      # The summary states that the check looks for an installed patch; nothing
      # here indicates that the flaws themselves are exercised.
      script_summary(english:"Checks for an installed patch.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host has web portal software installed that is
    affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of IBM WebSphere Portal on the remote host is affected by
    multiple vulnerabilities in the Unified Task List (UTL) portlet :
    
      - An unspecified open redirect vulnerability exists that
        allows a remote attacker to perform a phishing attack
        by enticing a user to click a malicious URL.
        (CVE-2014-3054)
    
      - A SQL injection vulnerability exists that allows a
        remote attacker who is a trusted user to manipulate or
        inject SQL queries into the back-end database.
        (CVE-2014-3055)
    
      - An information disclosure vulnerability exists that
        allows remote attackers to view environment variables
        and certain JAR files along with the versions.
        (CVE-2014-3056)
    
      - A cross-site scripting vulnerability exists that allows
        a remote attacker to execute arbitrary code in a user's
        browser. (CVE-2014-3057)");
      script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21677032");
      # https://www.ibm.com/blogs/psirt/ibm-security-bulletin-fixes-available-for-security-vulnerabilities-in-ibm-websphere-portal-related-to-unified-task-list-utl-portlet-cve-2014-3054-cve-2014-3055-cve-2014-3056-cve-2014-3057/
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?77124e50");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to 8.0.0.1 CF12 (PI14791) and then apply Interim Fix PI18909
    or 8.0.0.1 CF13 (PI17735) or apply the workaround. Refer to IBM's
    advisory for more information.");
      # NOTE(review): one base vector (AC:L, C:P/I:P/A:P) is set for the whole
      # plugin. Presumably it tracks the most severe of the four CVEs; the open
      # redirect (CVE-2014-3054) on its own would normally rate lower, so triage
      # per CVE rather than on this score alone.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
      script_set_attribute(attribute:"exploit_available", value:"false");
      # NOTE(review): the list contains 79 (XSS) but neither 601 (open redirect)
      # nor 89 (SQL injection), although both issues are in the description
      # above. Confirm before filtering or routing findings by CWE.
      script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/06/30");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/07/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/09/05");
    
      # plugin_type is "local" and ports 139/445 are required further down.
      # Presumably the check reads files on the host over SMB with credentials,
      # so an unauthenticated scan would not produce this finding; TODO confirm
      # against websphere_portal_installed.nbin.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_portal");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      # NOTE(review): the family is "CGI abuses" while the synopsis speaks of a
      # Windows host; Portal installs on other platforms are presumably not
      # covered by this plugin.
      script_family(english:"CGI abuses");
    
      script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");
    
      # Runs only after the install-detection plugin has recorded the
      # "installed_sw/IBM WebSphere Portal" key.
      script_dependencies("websphere_portal_installed.nbin");
      script_require_keys("installed_sw/IBM WebSphere Portal");
      script_require_ports(139, 445);
      exit(0);
    }
    
    include("websphere_portal_version.inc");
    
    # Table describing the portlet to look for, keyed by the portlet's name and
    # handed to the library check below.
    portlets = make_array();
    
    paa = "Unified Task List (UTL)";
    # Path of the portlet's version properties file. The base directory it is
    # resolved against is chosen by the library and is not visible here.
    portlets[paa]["Cell File"] = "\PA_WPF.ear\unifiedtasklist.war\utl-version.properties";
    # A single "min, max" string; presumably parsed as a Portal version range by
    # websphere_portal_version.inc.
    portlets[paa]["WP Ranges"] = make_list("8.0.0.0, 8.0.0.1");
    
    # The whole check is delegated to websphere_portal_check_version.
    # NOTE(review): `fix` is "PI14791", which the solution text names as the
    # CF12 APAR, while the title and solution give Interim Fix PI18909 (or CF13)
    # as the remediation. Confirm how the library interprets `fix`, so that a
    # host at CF12 without PI18909 is still reported.
    # sqli/xss are passed as TRUE; presumably they tag the report for SQL
    # injection and XSS. See the library.
    websphere_portal_check_version(
      ranges:make_list("8.0.0.0, 8.0.0.1, CF12"),
      fix:"PI14791",
      portlets:portlets,
      req_vuln_portlets:make_list(paa),
      severity:SECURITY_HOLE,
      sqli:TRUE,
      xss: TRUE
    );
    
  • NASL family: Windows
    NASL id: WEBSPHERE_PORTAL_UTL_PORTLET_SWG21677032.NASL
    description: The version of IBM WebSphere Portal on the remote host is affected by multiple vulnerabilities in the Unified Task List (UTL) portlet : - An unspecified open redirect vulnerability exists that allows a remote attacker to perform a phishing attack by enticing a user to click a malicious URL. (CVE-2014-3054) - A SQL injection vulnerability exists that allows a remote attacker who is a trusted user to manipulate or inject SQL queries into the back-end database. (CVE-2014-3055) - An information disclosure vulnerability exists that allows remote attackers to view environment variables and certain JAR files along with the versions. (CVE-2014-3056) - A cross-site scripting vulnerability exists that allows a remote attacker to execute arbitrary code in a user's browser. (CVE-2014-3057)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 77542
    published: 2014-09-05
    reporter: This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/77542
    title: IBM WebSphere Portal 7.0.0.x Unified Task List Portlet < 6.0.1 Multiple Vulnerabilities (PI18909)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    # Registration block: when `description` is set, only the metadata calls
    # below run and the script leaves through exit(0) before the portlet version
    # check that follows this block.
    if (description)
    {
      script_id(77542);
      script_version("1.4");
      script_cvs_date("Date: 2018/08/06 14:03:16");
    
      # Four CVEs in the UTL portlet are reported together by this one check, so
      # a finding is per installation, not per vulnerability.
      script_cve_id(
        "CVE-2014-3054",
        "CVE-2014-3055",
        "CVE-2014-3056",
        "CVE-2014-3057"
      );
      script_bugtraq_id(68924, 68925, 68928, 68929);
    
      script_name(english:"IBM WebSphere Portal 7.0.0.x Unified Task List Portlet < 6.0.1 Multiple Vulnerabilities (PI18909)");
      # The summary states that the check looks for the installed portlet;
      # nothing here indicates that the flaws themselves are exercised.
      script_summary(english:"Checks for installed portlet.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host has web portal software installed that is
    affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of IBM WebSphere Portal on the remote host is affected by
    multiple vulnerabilities in the Unified Task List (UTL) portlet :
    
      - An unspecified open redirect vulnerability exists that
        allows a remote attacker to perform a phishing attack
        by enticing a user to click a malicious URL.
        (CVE-2014-3054)
    
      - A SQL injection vulnerability exists that allows a
        remote attacker who is a trusted user to manipulate or
        inject SQL queries into the back-end database.
        (CVE-2014-3055)
    
      - An information disclosure vulnerability exists that
        allows remote attackers to view environment variables
        and certain JAR files along with the versions.
        (CVE-2014-3056)
    
      - A cross-site scripting vulnerability exists that allows
        a remote attacker to execute arbitrary code in a user's
        browser. (CVE-2014-3057)");
    
      script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21677032");
      # https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_fixes_available_for_security_vulnerabilities_in_ibm_websphere_portal_related_to_unified_task_list_utl_portlet_cve_2014_3054_cve_2014_3055_cve_2014_3056_cve_2014_3057?lang=en_us
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?cc07a8d4");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Unified Task List portlet 6.0.1 or later. Refer to IBM's
    advisory for more information.");
      # NOTE(review): one CVSS v2 base vector (AC:L, C:P/I:P/A:P) is set for the
      # whole plugin and no CVSS v3 vector is set in this script. Presumably the
      # vector tracks the most severe of the four CVEs; the open redirect
      # (CVE-2014-3054) on its own would normally rate lower, so triage per CVE.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      # NOTE(review): the list contains 79 (XSS) but neither 601 (open redirect)
      # nor 89 (SQL injection), although both issues are in the description
      # above. Confirm before filtering or routing findings by CWE.
      script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/06/30");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/07/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/09/05");
    
      # plugin_type is "local" and ports 139/445 are required further down.
      # Presumably the check reads files on the host over SMB with credentials,
      # so an unauthenticated scan would not produce this finding; TODO confirm
      # against websphere_portal_installed.nbin.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_portal");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");
    
      # Runs only after the install-detection plugin has recorded the
      # "installed_sw/IBM WebSphere Portal" key.
      script_dependencies("websphere_portal_installed.nbin");
      script_require_keys("installed_sw/IBM WebSphere Portal");
      script_require_ports(139, 445);
      exit(0);
    }
    
    include("websphere_portal_version.inc");
    
    # NOTE(review): paa_ver and paa_fix are not referenced again in this script.
    # Whether the included library reads them as globals cannot be told from
    # here.
    paa_ver = UNKNOWN_VER;
    paa_fix = "6.0.1";
    
    # NOTE(review): `portlets` is assigned by index without a prior make_array()
    # in this script. Presumably this relies on implicit creation or on
    # websphere_portal_version.inc; confirm.
    paa = "Unified Task List";
    # Portlet versions below this value are the ones the title and solution
    # describe as affected.
    portlets[paa]["Fixed Version"] = "6.0.1";
    # Path of the portlet's version component file; it starts with a parent
    # directory step, and the base it is resolved against is chosen by the
    # library (not visible here).
    portlets[paa]["File"]  = "\..\paa\unifiedtasklist\components\unifiedtasklist\version\checklists.common.component";
    # Captures the dotted numeric value of a spec-version="..." attribute that
    # is followed by optional whitespace and "/>".
    portlets[paa]["Version Regex"] = 'spec-version="([0-9\\.]+)"\\s*/>';
    # A single "min, max" string; presumably parsed as a Portal version range by
    # websphere_portal_version.inc.
    portlets[paa]["WP Ranges"] = make_list("7.0.0.0, 7.0.0.2");
    
    
    # The whole check is delegated to websphere_portal_check_version. No
    # `ranges` or `fix` argument is passed here, so the decision presumably
    # rests on the portlet table alone.
    # sqli/xss are passed as TRUE; presumably they tag the report for SQL
    # injection and XSS. See the library.
    websphere_portal_check_version(
      portlets:portlets,
      severity:SECURITY_HOLE,
      xss     :TRUE,
      sqli    :TRUE
    );