
04/01/2018 CERT-In Vulnerability Notes

CERT-In Vulnerability Note CIVN-2017-0190


Information Disclosure Vulnerabilities in IBM WebSphere Portal

Original Issue Date: December 26, 2017

Severity Rating: MEDIUM

Software Affected

IBM WebSphere Portal 9.0
IBM WebSphere Portal 8.5
IBM WebSphere Portal 8.0
IBM WebSphere Portal 7.0

Overview

Multiple vulnerabilities have been reported in IBM WebSphere Portal which could allow a remote attacker to obtain sensitive
information from the affected system.

Description

1. Web Application Bridge Information Disclosure Vulnerability (CVE-2017-1423)

This vulnerability exists in the Web Application Bridge component of IBM WebSphere Portal because it exposes the backend server
URLs that are configured for use by the Web Application Bridge component. A remote attacker could exploit this
vulnerability to obtain sensitive information from the affected system.
Successful exploitation could allow the attacker to conduct further attacks.

2. Portal Error Message Information Disclosure Vulnerability (CVE-2017-1698)

This vulnerability exists in IBM WebSphere Portal due to a condition arising from an error message returned by the
affected system. A remote attacker could exploit this vulnerability by sending malicious requests that trigger an error message.
Successful exploitation of this vulnerability could allow the attacker to obtain sensitive information from the affected system.
This could be leveraged to conduct further attacks.

Solution

Apply appropriate updates as mentioned by the vendor:


http://www-01.ibm.com/support/docview.wss?uid=swg22011400

http://www-01.ibm.com/support/docview.wss?uid=swg22011519

Vendor Information

IBM
http://www-01.ibm.com/support/docview.wss?uid=swg22011400
http://www-01.ibm.com/support/docview.wss?uid=swg22011519

References

IBM
http://www-01.ibm.com/support/docview.wss?uid=swg22011400
http://www-01.ibm.com/support/docview.wss?uid=swg22011519

Security Tracker
http://securitytracker.com/id/1040017
https://securitytracker.com/id/1040043

Cisco
https://tools.cisco.com/security/center/viewAlert.x?alertId=56285
https://tools.cisco.com/security/center/viewAlert.x?alertId=56323

CVE Name
CVE-2017-1423
CVE-2017-1698

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information

Email: info@cert-in.org.in
Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, CGO Complex, Lodhi Road,
New Delhi - 110 003
India
