#VU233 Input validation flaw in WebSphere Portal - CVE-2016-2925
Vulnerability identifier: #VU233
Vulnerability risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Green]
CVE-ID:
CWE-ID:
CWE-79
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
WebSphere Portal
Server applications /
Application servers
Vendor: IBM Corporation
Description
The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to improper validation of user-supplied input. A remote attacker can perform a cross-site scripting attack by using a specially-crafted URL to execute script in a victim's web browser within the security context of the hosting web site.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
Mitigation
For version 8.5.0 upgrade to Cumulative Fix 10 (CF10).
For versions 8.0.0 through 8.0.0.1 upgrade to Fix Pack 8.0.0.1 with Cumulative Fix 21 (CF21).
For vervions 7.0.0 through 7.0.0.2 upgrade to Fix Pack 7.0.0.2 with Cumulative Fix 30 (CF30) and then apply the Interim Fix PI62749.
For versions 6.1.5.0 through 6.1.5.3 upgrade to Fix Pack 6.1.5.3 with Cumulative Fix 27 (CF27) and then apply the Interim Fix PI62749.
For versions 6.1.0.0 through 6.1.0.6 upgrade to Fix Pack 6.1.0.6 with Cumulative Fix 27 (CF27) and then apply the Interim Fix PI62749.
Vulnerable software versions
WebSphere Portal: 6.1.0.0 - 8.5.0.0
External links
https://www-01.ibm.com/support/docview.wss?uid=swg21986461
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
