IBM Support

Security Bulletin: Fixes available for Security Vulnerabilities in IBM WebSphere Portal (CVE-2014-4762; CVE-2014-4792)

Security Bulletin


Summary

Fixes are available for security vulnerabilities in IBM WebSphere Portal.

Vulnerability Details

Fixes are available for the following security vulnerabilities in IBM WebSphere Portal:

CVE-ID: CVE-2014-4762

DESCRIPTION:
IBM WebSphere Portal is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.

CVSS:
CVSS Base Score: 3.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/94659 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)

AFFECTED PRODUCTS AND VERSIONS:
WebSphere Portal 8.5
WebSphere Portal 8.0

REMEDIATION:
The recommended solution is to apply PI21973 as soon as practical.
Fix: Apply an Interim Fix or a Cumulative Fix containing PI21973.

For 8.5.0
For 8.0.0 through 8.0.0.1
Additional details and manual fix guide (v8 and v85):

The fix is automatically deployed as part of a cumulative fix installation.
To install the fix manually, run the ConfigEngine task "apply-wcm-library-update-PI21973".

The deployment of this fix automatically modifies the corresponding web content menu component "List of Articles" in base Portal.

This component can be found in one of the following web content libraries:
- For WebSphere Portal 8000: "Web Content Templates"
- For WebSphere Portal 8001: "Web Content Templates 8001"
- For WebSphere Portal 8500: "Web Content Templates 3.0"

The update cannot be done automatically if this menu component was changed, renamed, or moved to another location.
If you are uncertain whether you have modified this component, please review the ConfigTrace.log in the wp_profile_root/ConfigEngine/log directory.

Open the ConfigTrace.log file and search for all occurrences of "[PI21973]". Verify that you see the following success message.

- For WebSphere Portal 8000:
[PI21973]: The update was applied successfully to the web content library "Web Content Templates".

- For WebSphere Portal 8001:
[PI21973]: The update was applied successfully to the web content library "Web Content Templates 8001".

- For WebSphere Portal 8500:
[PI21973]: The update was applied successfully to the web content library "Web Content Templates 3.0".

If the system was migrated from a previous release, please verify that you also see a success message for the migrated web content libraries.
If you cannot find this success message in the ConfigTrace.log, either the menu component could not be modified automatically or the fix has already been installed.
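The log check described above can be scripted. The following is an added example, not IBM-provided code: the function name, the sample log lines and the non-success line are constructed for illustration, and only the "[PI21973]" marker, the success message text and the library names come from this bulletin.

```python
import re
import sys

# Library names per release, as listed in this bulletin.
EXPECTED_LIBRARIES = {
    "8000": "Web Content Templates",
    "8001": "Web Content Templates 8001",
    "8500": "Web Content Templates 3.0",
}
MARKER = "[PI21973]"
# Capture the quoted library name exactly, so "Web Content Templates" is not
# satisfied by the line for "Web Content Templates 8001".
SUCCESS_RE = re.compile(
    r'\[PI21973\]: The update was applied successfully '
    r'to the web content library "([^"]+)"\.'
)

def check_pi21973(log_text, libraries):
    """Return (status, other_lines).

    status maps each library name to True if its success message was logged.
    other_lines holds every other [PI21973] line, for manual review.
    """
    updated, other_lines = set(), []
    for line in log_text.splitlines():
        if MARKER not in line:
            continue
        match = SUCCESS_RE.search(line)
        if match:
            updated.add(match.group(1))
        else:
            other_lines.append(line.strip())
    return {name: name in updated for name in libraries}, other_lines

# Constructed sample input; real ConfigTrace.log lines carry other content.
SAMPLE_LOG = """\
[constructed] Target started: apply-wcm-library-update-PI21973
[PI21973]: The update was applied successfully to the web content library "Web Content Templates 8001".
[PI21973]: constructed non-success line for a migrated library
"""

if __name__ == "__main__":
    # Pass the path to ConfigTrace.log, or run without arguments for the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as handle:
            text = handle.read()
    else:
        text = SAMPLE_LOG
    status, other = check_pi21973(text, EXPECTED_LIBRARIES.values())
    for name, ok in status.items():
        print(("updated      " if ok else "NO SUCCESS   ") + name)
    for line in other:
        print("review       " + line)
```

A library reported without a success message needs the manual steps below, unless the fix had already been installed. Migrated libraries can be checked by passing their names as the second argument.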

To manually apply the fix, replace all occurrences of the following text in the mentioned menu component using the Web Content Authoring Portlet.

In WebSphere Portal 8001 search for:
<span class='vcard X-sametime-resolve'>
<a target="" title="" href="javascript:SemTagMenu.a11y(event)" class="fn lotusPerson" onclick="return false;" tabindex="0">
[Property context="autofill" type="content" format="cn" field="creator"]
</a>
<span style="display: none;" class="uid">[Property context="autofill" type="content" format="dn" field="creator"]
</span>
</span>

In WebSphere Portal 8500 search for:
<span class='vcard X-sametime-resolve'>
<a title="" target="" href="javascript:SemTagMenu.a11y(event)" class="fn lotusPerson" onclick="return false;" tabindex="0">
[Property context="autofill" type="content" format="cn" field="creator"]
</a>
<span style="display: none;" class="uid">[Property context="autofill" type="content" format="dn" field="creator"]
</span>
</span>

Replace all occurrences with:
[Property context="autofill" type="content" format="cn" awareness="true" field="creator"]

In general it is recommended to use the "Property" web content tag together with the "awareness" attribute set to a value of "true" to generate a Person card in your web content.
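To confirm that no copy of the menu component still carries the old markup, the search-and-replace above can be run over markup text copied out of the component. This is an added example, not IBM-provided code: the function name and the sample are constructed, and the pattern tolerates the whitespace and attribute-order differences between the 8001 and 8500 search strings shown above.

```python
import re

# Replacement text from this bulletin.
FIXED_TAG = ('[Property context="autofill" type="content" format="cn" '
             'awareness="true" field="creator"]')

# Matches the whole person-card block from the bulletin. The <a> tag is
# matched by its class only, so title/target may appear in either order.
LEGACY_RE = re.compile(
    r"""<span\s+class=['"]vcard\ X-sametime-resolve['"]\s*>\s*
        <a\b[^>]*\bclass="fn\ lotusPerson"[^>]*>\s*
        \[Property\ context="autofill"\ type="content"\ format="cn"\ field="creator"\]\s*
        </a>\s*
        <span\b[^>]*\bclass="uid"[^>]*>\s*
        \[Property\ context="autofill"\ type="content"\ format="dn"\ field="creator"\]\s*
        </span>\s*</span>""",
    re.VERBOSE,
)

def apply_manual_fix(markup):
    """Return (patched_markup, replacements_made) for one component's markup."""
    return LEGACY_RE.subn(lambda _match: FIXED_TAG, markup)

# Constructed sample: the 8500 variant with extra indentation inside a list item.
SAMPLE = (
    "<li><span class='vcard X-sametime-resolve'>\n"
    '  <a title="" target="" href="javascript:SemTagMenu.a11y(event)" '
    'class="fn lotusPerson" onclick="return false;" tabindex="0">\n'
    '  [Property context="autofill" type="content" format="cn" field="creator"]\n'
    "  </a>\n"
    '  <span style="display: none;" class="uid">'
    '[Property context="autofill" type="content" format="dn" field="creator"]\n'
    "  </span>\n"
    "</span></li>"
)

if __name__ == "__main__":
    patched, count = apply_manual_fix(SAMPLE)
    print(f"{count} legacy block(s) replaced")
    print(patched)
```

A count of zero on already-patched markup means nothing remains to replace; the change itself is still made in the Web Content Authoring Portlet as described above.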

If the web content library was modified automatically by this fix, a backup of the previous content of the web content library was exported into the wp_profile_root/PortalServer/wcm/ilwwcm/system/export directory.

To restore the backup, unpack the exported file and import the library using the "export-wcm-data" task. For more information, please see the topic "Exporting and importing a web content library" in the product documentation.

If you have syndicated the web content library to another virtual portal, please syndicate the updated library again after the changes have been applied.

If you created copies of the web content library, please make sure to also manually apply the fix to these copies.

Workaround: None.
Mitigation: None.

CVE-ID: CVE-2014-4792

DESCRIPTION:
IBM WebSphere Portal could allow a remote attacker to upload files. A remote attacker could upload a very large file that could fill the filesystem and cause a denial of service.

CVSS:
CVSS Base Score: 4.0
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/95204 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N)

AFFECTED PRODUCTS AND VERSIONS:
WebSphere Portal 8.5
WebSphere Portal 8.0
WebSphere Portal 7
WebSphere Portal 6

REMEDIATION:
The recommended solution is to apply PI23334 as soon as practical.
Fix: Apply an Interim Fix or a Cumulative Fix containing PI23334.

For 8.5.0
For 8.0.0 through 8.0.0.1
For 7.0.0 through 7.0.0.2
For 6.1.5.0 through 6.1.5.3
For 6.1.0.0 through 6.1.0.6

Workaround: None.
Mitigation: None.

Important note

IBM strongly suggests that all System z customers be subscribed to the System z Security Portal to receive the latest critical System z security and integrity service. If you are not subscribed, see the instructions on the System z Security web site. Security and integrity APARs and associated fixes will be posted to this portal. IBM suggests reviewing the CVSS scores and applying all security or integrity fixes as soon as possible to minimize any potential risk.

References

Complete CVSS v2 Guide
On-line Calculator v2

Related information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Change History

2014-09-09: Original Copy Published
2014-09-15: Updated Fix Central links

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

Document information

More support for: WebSphere Portal

Software version: 6.1, 7.0, 8.0, 8.5.0

Operating system(s): AIX, HP-UX, IBM i, Linux, Solaris, Windows, z/OS

Reference #: 1681998

Modified date: 15 September 2014