Test ID: 1.3.6.1.4.1.25623.1.0.811254
Category: Web Servers
Title: IBM WebSphere Application Server Multiple Vulnerabilities (swg22004785, swg22004786)
Summary: IBM WebSphere Application Server is prone to multiple vulnerabilities.
Description:
Summary:
IBM WebSphere Application Server is prone to multiple
vulnerabilities.

Vulnerability Insight:
Multiple flaws are due to:

- Insecure file permissions after custom startup scripts are run. The custom startup script will
not pull the umask from the server.xml.

- Insufficient sanitization of input in the Web UI.

Vulnerability Impact:
Successful exploitation will allow a local attacker to gain
access to files with an unknown impact, and allow a remote attacker to embed
arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially
leading to credentials disclosure within a trusted session.

Affected Software/OS:
IBM WebSphere Application Server version 9.0.0.0 through
9.0.0.4, 8.5.0.0 through 8.5.5.11, 8.0.0.0 through 8.0.0.13 and 7.0.0.0 through 7.0.0.43.

Solution:
Update to version 9.0.0.5, 8.5.5.12, 8.0.0.14, 7.0.0.45 or
later.

CVSS Score:
3.6

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:N

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2017-1380
BugTraq ID: 99961
http://www.securityfocus.com/bid/99961
https://exchange.xforce.ibmcloud.com/vulnerabilities/127151
http://www.securitytracker.com/id/1038978
Common Vulnerability Exposure (CVE) ID: CVE-2017-1382
BugTraq ID: 99960
http://www.securityfocus.com/bid/99960
https://exchange.xforce.ibmcloud.com/vulnerabilities/127153
http://www.securitytracker.com/id/1038977
Copyright: Copyright (C) 2017 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.