
Test ID: 1.3.6.1.4.1.25623.1.0.811254
Category: Web Servers
Title: IBM WebSphere Application Server Multiple Vulnerabilities (swg22004785, swg22004786)
Summary: IBM WebSphere Application Server is prone to multiple vulnerabilities.
Description:
Summary:
IBM WebSphere Application Server is prone to multiple
vulnerabilities.

Vulnerability Insight:
Multiple flaws are due to:

- Insecure file permissions after custom startup scripts are run. The custom startup script will
not pull the umask from the server.xml.

- Insufficient sanitization of input in the Web UI.

Vulnerability Impact:
Successful exploitation will allow a local attacker to gain access to files
with an unknown impact, and allow a remote attacker to embed
arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially
leading to credentials disclosure within a trusted session.

Affected Software/OS:
IBM WebSphere Application Server version 9.0.0.0 through
9.0.0.4, 8.5.0.0 through 8.5.5.11, 8.0.0.0 through 8.0.0.13 and 7.0.0.0 through 7.0.0.43.

Solution:
Update to version 9.0.0.5, 8.5.5.12, 8.0.0.14, 7.0.0.45 or
later.

CVSS Score:
3.6

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:N

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2017-1380
BugTraq ID: 99961
http://www.securityfocus.com/bid/99961
https://exchange.xforce.ibmcloud.com/vulnerabilities/127151
http://www.securitytracker.com/id/1038978
Common Vulnerability Exposure (CVE) ID: CVE-2017-1382
BugTraq ID: 99960
http://www.securityfocus.com/bid/99960
https://exchange.xforce.ibmcloud.com/vulnerabilities/127153
http://www.securitytracker.com/id/1038977
Copyright: Copyright (C) 2017 Greenbone AG
