Vulnerability CVE-2016-3040 - CERT Civis.Net

Vulnerability Name:

CVE-2016-3040 (CCN-114636)

Assigned:

2016-09-12

Published:

2016-09-12

Updated:

2016-11-28

Summary:

IBM WebSphere Application Server (WAS) Liberty, as used in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8, allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

CVSS v3 Severity:

6.8 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N)
5.9 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): Required
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): None Integrity (I): High Availibility (A): None

6.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N)
5.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): None Integrity (I): High Availibility (A): None

CVSS v2 Severity:

4.9 Medium (CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

4.9 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:S/C:N/I:C/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): Complete Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2016-3040

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21989205

Source: CCN
Type: IBM Security Bulletin 1986715 (WebSphere Application Server)
Open Redirect vulnerability in WebSphere Application Server Liberty (CVE-2016-3040)

Source: CCN
Type: IBM Security Bulletin 1989205 (Security Privileged Identity Manager)
Multiple Security Vulnerabilities fixed in IBM Security Privileged Identity Manager

Source: CCN
Type: IBM Security Bulletin 1990236 (WebSphere Application Server for Bluemix)
Multiple security vulnerabilities affect IBM WebSphere Application Server for Bluemix

Source: CCN
Type: IBM Security Bulletin 1990527 (Liberty for Java for Bluemix)
Multiple security vulnerabilities affect Liberty for Java for IBM Bluemix

Source: CCN
Type: IBM Security Bulletin 1993794 (Monitoring)
vulnerabilities in IBM WebSphere Application Server Liberty affects IBM Performance Management products

Source: CCN
Type: IBM Security Bulletin 1995133 (Spectrum Control Standard Edition)
Vulnerability in IBM WebSphere Application Server Liberty affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) CVE-2016-3040

Source: CCN
Type: IBM Security Bulletin 1995247 (MessageSight)
Open Redirect vulnerability in IBM MessageSight (CVE-2016-3040)

Source: CCN
Type: IBM Security Bulletin 1995546 (Tivoli Storage Manager Extended Edition)
Multiple security vulnerabilities in IBM WebSphere Application Server Liberty affect Tivoli Storage Manager (IBM Spectrum Protect) Operations Center (CVE-2016-0378, CVE-2016-3040, CVE-2016-3042, CVE-2016-5986)

Source: CCN
Type: IBM Security Bulletin 1996788 (MQ Light)
Multiple vulnerabilities in IBM WebSphere Application Server Liberty affect IBM MQ Light (CVE-2016-5986, CVE-2016-3040, CVE-2016-0378)

Source: CCN
Type: IBM Security Bulletin 1996984 (Tivoli Netcool/Impact)
IBM Tivoli Netcool Impact affected by Open Redirect vulnerability in IBM WebSphere Application Server Liberty (CVE-2016-3040)

Source: CCN
Type: IBM Security Bulletin 1998827 (Control Center)
Multiple vulnerabilities in IBM WebSphere affect IBM Control Center (CVE-2016-3042, CVE-2016-3040, CVE-2016-5986, CVE-2016-0378)

Source: CCN
Type: IBM Security Bulletin C1000214 (MobileFirst Platform Foundation)
Multiple Vulnerabilities in IBM WebSphere Application Server Liberty affect IBM Worklight and IBM MobileFirst Platform Foundation

Source: BID
Type: UNKNOWN
92986

Source: CCN
Type: BID-92986
IBM WebSphere Application Server Liberty CVE-2016-3040 Open Redirect Vulnerability

Source: XF
Type: UNKNOWN
ibm-websphere-cve20163040-open-redirect(114636)

Vulnerable Configuration:

Configuration 1:

cpe:/a:ibm:security_privileged_identity_manager_virtual_appliance:2.0:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:ibm:security_privileged_identity_manager:2.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_privileged_identity_manager:2.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_privileged_identity_manager:2.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:*:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:*:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:*:*:*:*:liberty:*:*:*

AND

cpe:/a:ibm:messagesight_jms_client:1.1.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_mq_light:1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_netcool/impact:7.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:messagesight:1.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:control_center:6.0.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_mq_light:1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:monitoring:8.1.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:control_center:6.1.0.1:*:*:*:*:*:*:*

Denotes that component is vulnerable