ID

VAR-201002-0245


CVE

CVE-2010-0704


TITLE

IBM WebSphere Portal Portlet Palette Cross-Site Scripting Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2010-0267 // CNNVD: CNNVD-201002-269

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the Portlet Palette in IBM WebSphere Portal 6.0.1.5 wp6015_008_01 allows remote attackers to inject arbitrary web script or HTML via the search field. The IBM WebSphere Portal server is a commercial portal solution. IBM WebSphere Portal is prone to a cross-site scripting vulnerability. Other versions may also be affected.

SOLUTION: Apply APAR PM05829.

PROVIDED AND/OR DISCOVERED BY: The vendor credits Sjoerd Resink, Fox-IT BV.

ORIGINAL ADVISORY: http://www-01.ibm.com/support/docview.wss?uid=swg1PM05829

Trust: 2.52

sources: NVD: CVE-2010-0704 // JVNDB: JVNDB-2010-004526 // CNVD: CNVD-2010-0267 // BID: 73736 // PACKETSTORM: 86585

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2010-0267

AFFECTED PRODUCTS

vendor: ibm, model: websphere portal, scope: eq, version: 6.0.1.5

Trust: 1.6

vendor: ibm, model: websphere portal, scope: eq, version: 6.0.1.5 wp6015_008_01

Trust: 0.8

vendor: ibm, model: websphere portal version build level wp6015 008 01, scope: eq, version: 6.0.1.5

Trust: 0.6

sources: CNVD: CNVD-2010-0267 // JVNDB: JVNDB-2010-004526 // CNNVD: CNNVD-201002-269 // NVD: CVE-2010-0704

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-0704
value: MEDIUM

Trust: 1.0

NVD: CVE-2010-0704
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201002-269
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2010-0704
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2010-004526 // CNNVD: CNNVD-201002-269 // NVD: CVE-2010-0704

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2010-004526 // NVD: CVE-2010-0704

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201002-269

TYPE

xss

Trust: 0.7

sources: PACKETSTORM: 86585 // CNNVD: CNNVD-201002-269

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-004526

PATCH

title: PM05829, url: http://www-01.ibm.com/support/docview.wss?uid=swg1PM05829

Trust: 0.8

title: Patch for IBM WebSphere Portal Portlet Palette Cross-Site Scripting Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/2350

Trust: 0.6

sources: CNVD: CNVD-2010-0267 // JVNDB: JVNDB-2010-004526

EXTERNAL IDS

db: NVD, id: CVE-2010-0704

Trust: 3.3

db: SECUNIA, id: 38574

Trust: 2.3

db: JVNDB, id: JVNDB-2010-004526

Trust: 0.8

db: CNVD, id: CNVD-2010-0267

Trust: 0.6

db: AIXAPAR, id: PM05829

Trust: 0.6

db: CNNVD, id: CNNVD-201002-269

Trust: 0.6

db: BID, id: 73736

Trust: 0.3

db: PACKETSTORM, id: 86585

Trust: 0.1

sources: CNVD: CNVD-2010-0267 // BID: 73736 // JVNDB: JVNDB-2010-004526 // PACKETSTORM: 86585 // CNNVD: CNNVD-201002-269 // NVD: CVE-2010-0704

REFERENCES

url:http://www-01.ibm.com/support/docview.wss?uid=swg1pm05829

Trust: 2.0

url:http://secunia.com/advisories/38574

Trust: 1.6

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0704

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0704

Trust: 0.8

url:http://secunia.com/advisories/38574/

Trust: 0.7

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/blog/74

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: CNVD: CNVD-2010-0267 // BID: 73736 // JVNDB: JVNDB-2010-004526 // PACKETSTORM: 86585 // CNNVD: CNNVD-201002-269 // NVD: CVE-2010-0704

CREDITS

Unknown

Trust: 0.3

sources: BID: 73736

SOURCES

db: CNVD, id: CNVD-2010-0267
db: BID, id: 73736
db: JVNDB, id: JVNDB-2010-004526
db: PACKETSTORM, id: 86585
db: CNNVD, id: CNNVD-201002-269
db: NVD, id: CVE-2010-0704

LAST UPDATE DATE

2024-11-23T22:39:24.718000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2010-0267, date: 2010-02-23T00:00:00
db: BID, id: 73736, date: 2010-02-24T00:00:00
db: JVNDB, id: JVNDB-2010-004526, date: 2012-09-25T00:00:00
db: CNNVD, id: CNNVD-201002-269, date: 2010-02-25T00:00:00
db: NVD, id: CVE-2010-0704, date: 2024-11-21T01:12:47.073

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2010-0267, date: 2010-02-23T00:00:00
db: BID, id: 73736, date: 2010-02-24T00:00:00
db: JVNDB, id: JVNDB-2010-004526, date: 2012-09-25T00:00:00
db: PACKETSTORM, id: 86585, date: 2010-02-23T16:23:36
db: CNNVD, id: CNNVD-201002-269, date: 2010-02-25T00:00:00
db: NVD, id: CVE-2010-0704, date: 2010-02-25T00:30:00.593