Cross-site scripting in IBM WebSphere Application Server

#VU67213 Cross-site scripting in IBM WebSphere Application Server

Published: 2022-09-13

Vulnerability identifier: #VU67213

Vulnerability risk: Medium

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-34336

CWE-ID: CWE-79

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
IBM WebSphere Application Server
Server applications / Application servers

Vendor: IBM Corporation

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data within the Admin Console. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install updates from vendor's website:

For V9.0.0.0 through 9.0.5.13:
· Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix PH47531
--OR--
· Apply Fix Pack 9.0.5.14 or later (targeted availability 4Q2022).

For V8.5.0.0 through 8.5.5.22:
· Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix PH47531
--OR--
· Apply Fix Pack 8.5.5.23 or later (targeted availability 1Q2023).

For V8.0.0.0 through 8.0.0.15:
· Upgrade to 8.0.0.15 and then apply Interim Fix PH47531

For V7.0.0.0 through 7.0.0.45:
· Upgrade to 7.0.0.45 and then apply Interim Fix PH47531

Vulnerable software versions

IBM WebSphere Application Server: 9.0 - 9.0.5.13, 8.5 - 8.5.5.22, 8.0 - 8.0.0.15-WS-WAS-IFPH33994, 7.0.0.0 - 7.0.0.45-WS-WAS-IFPH33994

External links
http://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-application-server-is-vulnerable-to-cross-site-scripting-in-the-admin-console-cve-2022-34336/
http://www.ibm.com/support/pages/node/6619699

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in IBM Tivoli Monitoring

Cross-site scripting in Jazz for Service Management (JazzSM)

Cross-site scripting in IBM Tivoli System Automation Application Manager

XSS in IBM Master Data Management

XSS in IBM WebSphere Application Server Admin Console