CVE-2016-0245 - Unspecified vulnerability in IBM WebSphere Portal 8.0.0.0/8.0.0.1/8.5.0.0
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: LOW
Integrity impact: NONE
Availability impact: LOW

Summary
The XML parser in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF10 allows remote authenticated users to read arbitrary files or cause a denial of service via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 3 |
Nessus
NASL family: CGI abuses
NASL id: WEBSPHERE_PORTAL_SWG21976358.NASL
description: The IBM WebSphere Portal installed on the remote host is version 6.1.0.x prior to 6.1.0.6 CF27 with patches, 6.1.5.x prior to 6.1.5.3 CF27 with patches, 7.0.0.x prior to 7.0.0.2 CF29 with patches, 8.0.0.x prior to 8.0.0.1 CF20, or 8.5.0.0 prior to 8.5.0.0 CF09 with patches. It is, therefore, affected by multiple vulnerabilities :
- An open redirect vulnerability exists due to improper validation of input before returning it to the user. An attacker can exploit this, via a specially crafted link, to redirect a victim to an arbitrary website. (CVE-2015-7428)
- A security bypass vulnerability exists due to insecure permissions. A remote attacker can exploit this to make changes to content items. (CVE-2015-7455)
- Multiple unspecified cross-site scripting vulnerabilities exist due to improper validation of user-supplied input. A remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 89689
published: 2016-03-04
reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/89689
title: IBM WebSphere Portal Multiple Vulnerabilities (swg21976358)
code:

```
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(89689);
  script_version("1.7");
  script_cvs_date("Date: 2019/11/20");

  script_cve_id(
    "CVE-2015-7428",
    "CVE-2015-7455",
    "CVE-2015-7457",
    "CVE-2015-7491",
    "CVE-2016-0243",
    "CVE-2016-0244",
    "CVE-2016-0245"
  );

  script_name(english:"IBM WebSphere Portal Multiple Vulnerabilities (swg21976358)");
  script_summary(english:"Checks for the install patches.");

  script_set_attribute(attribute:"synopsis", value:
"The web portal software installed on the remote Windows host is
affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The IBM WebSphere Portal installed on the remote host is version
6.1.0.x prior to 6.1.0.6 CF27 with patches, 6.1.5.x prior to 6.1.5.3
CF27 with patches, 7.0.0.x prior to 7.0.0.2 CF29 with patches, 8.0.0.x
prior to 8.0.0.1 CF20, or 8.5.0.0 prior to 8.5.0.0 CF09 with patches.
It is, therefore, affected by multiple vulnerabilities :

  - An open redirect vulnerability exists due to improper
    validation of input before returning it to the user. An
    attacker can exploit this, via a specially crafted link,
    to redirect a victim to an arbitrary website.
    (CVE-2015-7428)

  - A security bypass vulnerability exists due to insecure
    permissions. A remote attacker can exploit this to make
    changes to content items. (CVE-2015-7455)

  - Multiple unspecified cross-site scripting
    vulnerabilities exist due to improper validation of
    user-supplied input. A remote attacker can exploit this,
    via a specially crafted request, to execute arbitrary
    script code in a user's browser session. (CVE-2015-7457,
    CVE-2015-7491, CVE-2016-0243, CVE-2016-0244)

  - An XML External Entity (XXE) injection vulnerability
    exists due to an incorrectly configured XML parser
    accepting XML external entities from an untrusted
    source. A remote attacker can exploit this, via
    specially crafted XML data, to cause a denial of service
    condition or to disclose sensitive information.
    (CVE-2016-0245)");
  script_set_attribute(attribute:"see_also", value:"https://www-01.ibm.com/support/docview.wss?uid=swg21976358");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate fixes per the vendor advisory.

  - For 6.1.0.x, upgrade to version 6.1.0.6 CF27 and apply
    interim fixes PI54088 and PI55327.

  - For 6.1.5.x, upgrade to version 6.1.5.3 CF27 and apply
    interim fixes PI54088 and PI55327.

  - For 7.0.0.x, upgrade to version 7.0.0.2 CF29 and apply
    interim fixes PI51234, PI55327, and PI54088.

  - For 8.0.0.x, upgrade to version 8.0.0.1 CF20.

  - For 8.5.0.x, upgrade to version 8.5.0 CF09 and apply
    interim fix PI56682.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-7428");

  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/02/29");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/02/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/04");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_portal");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("websphere_portal_installed.nbin");
  script_require_keys("installed_sw/IBM WebSphere Portal");

  exit(0);
}

include("websphere_portal_version.inc");

websphere_portal_check_version(
  checks:make_array(
    "8.5.0.0, 8.5.0.0, CF00-CF09", make_list('PI56682'),
    "8.0.0.0, 8.0.0.1", make_list("CF20"),
    "7.0.0.0, 7.0.0.2, CF00-CF29", make_list('PI51234', 'PI54088', 'PI55327'),
    "6.1.5.0, 6.1.5.3, CF00-CF27", make_list('PI54088', 'PI55327'),
    "6.1.0.0, 6.1.0.6, CF00-CF27", make_list('PI54088', 'PI55327')
  ),
  severity:SECURITY_WARNING,
  xss: TRUE
);
```
NASL family: CGI abuses
NASL id: WEBSPHERE_PORTAL_8_0_0_1_CF20.NASL
description: The version of IBM WebSphere Portal installed on the remote host is 8.0.0.x prior to 8.0.0.1 CF20. It is, therefore, affected by multiple vulnerabilities :
- An open redirect vulnerability exists due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially crafted link, to redirect a user from the intended legitimate web site to an arbitrary web site of the attacker
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 93076
published: 2016-08-23
reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/93076
title: IBM WebSphere Portal 8.0.0.x < 8.0.0.1 CF20 Multiple Vulnerabilities
code:

```
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(93076);
  script_version("1.5");
  script_cvs_date("Date: 2019/11/14");

  script_cve_id("CVE-2015-7428", "CVE-2016-0245");
  script_bugtraq_id(83479, 83485);

  script_name(english:"IBM WebSphere Portal 8.0.0.x < 8.0.0.1 CF20 Multiple Vulnerabilities");
  script_summary(english:"Checks for the installed patch.");

  script_set_attribute(attribute:"synopsis", value:
"The web portal software installed on the remote Windows host is
affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of IBM WebSphere Portal installed on the remote host is
8.0.0.x prior to 8.0.0.1 CF20. It is, therefore, affected by multiple
vulnerabilities :

  - An open redirect vulnerability exists due to improper
    validation of user-supplied input. An unauthenticated,
    remote attacker can exploit this, via a specially
    crafted link, to redirect a user from the intended
    legitimate web site to an arbitrary web site of the
    attacker's choosing. (CVE-2015-7428)

  - An XML external entity (XXE) injection vulnerability
    exists due to an incorrectly configured XML parser
    accepting XML external entities from an untrusted
    source. An authenticated, remote attacker can exploit
    this, via specially crafted XML data, to cause a denial
    of service or disclose sensitive information.
    (CVE-2016-0245)");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg24034497#CF20");
  script_set_attribute(attribute:"see_also", value:"https://www-01.ibm.com/support/docview.wss?uid=swg21976358");
  script_set_attribute(attribute:"solution", value:
"Upgrade to IBM WebSphere Portal version 8.0.0.1 CF20 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-7428");

  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/02/23");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/02/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/23");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_portal");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("websphere_portal_installed.nbin");
  script_require_keys("installed_sw/IBM WebSphere Portal");

  exit(0);
}

include("websphere_portal_version.inc");

websphere_portal_check_version(
  ranges:make_list("8.0.0.0, 8.0.0.1"),
  fix:"CF20",
  severity:SECURITY_WARNING,
  xss:TRUE
);
```
NASL family: CGI abuses
NASL id: WEBSPHERE_PORTAL_8_5_0_0_CF10.NASL
description: The version of IBM WebSphere Portal installed on the remote Windows host is 8.5.0.0 prior to 8.5.0.0 CF10. It is, therefore, affected by multiple vulnerabilities :
- An unspecified flaw exists that is triggered when handling a specially crafted request. An unauthenticated, remote attacker can exploit this to inject arbitrary LDAP content and view, add, modify or delete information in the user repository. (CVE-2015-7472)
- An XXE (XML external entity) injection vulnerability exists due to an incorrectly configured XML parser accepting XML external entities from an untrusted source. An unauthenticated, remote attacker can exploit this, via specially crafted XML data, to cause a denial of service condition or disclose sensitive information. (CVE-2016-0245)
- A cross-site scripting (XSS) vulnerability exists due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 93027
published: 2016-08-18
reporter: This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/93027
title: IBM WebSphere Portal 8.5.0.0 < 8.5.0.0 CF10 Multiple Vulnerabilities
code:

```
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(93027);
  script_version("1.6");
  script_cvs_date("Date: 2018/08/06 14:03:14");

  script_cve_id(
    "CVE-2015-7472",
    "CVE-2016-0245",
    "CVE-2016-2925"
  );
  script_bugtraq_id(
    82548,
    83485,
    92180
  );

  script_name(english:"IBM WebSphere Portal 8.5.0.0 < 8.5.0.0 CF10 Multiple Vulnerabilities");
  script_summary(english:"Checks for the installed patch.");

  script_set_attribute(attribute:"synopsis", value:
"The web portal software installed on the remote Windows host is
affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of IBM WebSphere Portal installed on the remote Windows
host is 8.5.0.0 prior to 8.5.0.0 CF10. It is, therefore, affected by
multiple vulnerabilities :

  - An unspecified flaw exists that is triggered when
    handling a specially crafted request. An
    unauthenticated, remote attacker can exploit this to
    inject arbitrary LDAP content and view, add, modify or
    delete information in the user repository.
    (CVE-2015-7472)

  - An XXE (XML external entity) injection vulnerability
    exists due to an incorrectly configured XML parser
    accepting XML external entities from an untrusted
    source. An unauthenticated, remote attacker can exploit
    this, via specially crafted XML data, to cause a denial
    of service condition or disclose sensitive information.
    (CVE-2016-0245)

  - A cross-site scripting (XSS) vulnerability exists due to
    improper validation of user-supplied input. An
    unauthenticated, remote attacker can exploit this, via a
    specially crafted request, to execute arbitrary script
    code in a user's browser session. (CVE-2016-2925)");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg24037786#CF10");
  script_set_attribute(attribute:"solution", value:
"Upgrade to IBM WebSphere Portal version 8.5.0.0 CF10.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date",value:"2016/02/02");
  script_set_attribute(attribute:"patch_publication_date",value:"2016/02/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/18");

  script_set_attribute(attribute:"plugin_type",value:"local");
  script_set_attribute(attribute:"cpe",value:"cpe:/a:ibm:websphere_portal");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.");

  script_dependencies("websphere_portal_installed.nbin");
  script_require_keys("installed_sw/IBM WebSphere Portal");

  exit(0);
}

include("websphere_portal_version.inc");

websphere_portal_check_version(
  ranges:make_list("8.5.0.0, 8.5.0.0"),
  fix:"CF10",
  severity:SECURITY_WARNING,
  xss:TRUE
);
```