WebSphere Automation "How To" Series #14 : How to get CVE impact summaries using APIs

View Only

WebSphere Automation "How To" Series #14 : How to get CVE impact summaries using APIs

By Brian Hanczaryk posted Tue June 21, 2022 06:55 AM

Like

oc -n WSA_INSTANCE_NAMESPACE get secret admin-user-details -o jsonpath='{.data.initial_admin_password}' | base64 -d && echo

WSA_INSTANCE_NAMESPACE is the namespace of the instance where WebSphere Automation is installed.

Replace <password> in the following command with the value returned from the command above, and use the correct value for WSA_INSTANCE_NAMESPACE.

curl -k -X POST -H 'Content-Type: application/json' -d '{"username":"admin","password":"<password>"}' https://$(oc get route -n WSA_INSTANCE_NAMESPACE -o jsonpath='{.items[?(@.spec.to.name=="ibm-nginx-svc")].spec.host}')/icp4d-api/v1/authorize | jq -r .token

To get the necessary URL value to use in the curl commands, we can append a prefix of 'https://' and a suffix of '/websphereauto/secvul/apis' around the result of the following command.

oc get route -n WSA_INSTANCE_NAMESPACE -o jsonpath='{.items[?(@.spec.to.name=="ibm-nginx-svc")].spec.host}'

To set a URL variable on Linux, we could use the following

URL=https://$(oc get route -n WSA_INSTANCE_NAMESPACE -o jsonpath='{.items[?(@.spec.to.name=="ibm-nginx-svc")].spec.host}')/websphereauto/secvul/apis

Now that we've captured the token and URL values, we can show how to utilize the WebSphere Automation REST APIs to get CVE impact summaries.

For this example, we've registered a WebSphere Application Server traditional v9.0.5.10 server and a WebSphere Liberty 21.0.0.12 server with several fixes applied as shown in the following screenshot.

The Swagger UI shows the following available Analytics operations.

Using CLI with the token value set in a variable TOKEN and url set in a variable URL, we can issue the following command to get the CVE impact summaries and use jq to pretty print the json output.

[root@api.XXX.ibm.com Analytics]# curl -k -X GET "${URL}/analytics/cveImpactSummaries?limit=100" -H "accept: application/json" -H "Authorization: Bearer $TOKEN" | jq . 
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  4196    0  4196    0     0  37464      0 --:--:-- --:--:-- --:--:-- 37464

{
  "offset": 0,
  "limit": 100,
  "total_count": 9,
  "results": [
    {
      "id": "CVE-2021-39038",
      "securityBulletinId": "9ba75eb9-b77d-3071-843b-4f487d79f9f4",
      "description": "IBM WebSphere Application Server could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.",
      "cvssBaseScore": 4.4,
      "vulnerabilityDetected": "2022-05-19T16:46:43Z",
      "maxSecondsExposed": 72212,
      "vulnerableServers": 0,
      "patchedServers": 1
    },
    {
      "id": "CVE-2022-21340",
      "securityBulletinId": "496d4509-dfe8-3072-a8be-2d394683bf21",
      "description": "An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.",
      "cvssBaseScore": 5.3,
      "vulnerabilityDetected": "2022-05-19T16:46:41Z",
      "maxSecondsExposed": 72211,
      "vulnerableServers": 0,
      "patchedServers": 1
    },
    {
      "id": "CVE-2021-35603",
      "securityBulletinId": "496d4509-dfe8-3072-a8be-2d394683bf21",
      "description": "An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.",
      "cvssBaseScore": 3.7,
      "vulnerabilityDetected": "2022-05-19T16:46:41Z",
      "maxSecondsExposed": 72211,
      "vulnerableServers": 0,
      "patchedServers": 1
    },
    {
      "id": "CVE-2021-23450",
      "securityBulletinId": "fa87efd3-6092-392e-b15c-bbab13d5e5b4",
      "description": "Dojo could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution in the setObject function. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.",
      "cvssBaseScore": 9.8,
      "vulnerabilityDetected": "2022-05-19T16:46:42Z",
      "maxSecondsExposed": 72212,
      "vulnerableServers": 0,
      "patchedServers": 1
    },
    {
      "id": "CVE-2022-22365",
      "securityBulletinId": "dea61e89-3789-3bb9-8919-2eece51ac6e4",
      "description": "IBM WebSphere Application Server, with the Ajax Proxy Web Application (AjaxProxy.war) deployed, is vulnerable to spoofing by allowing a man-in-the-middle attacker to spoof SSL server hostnames.",
      "cvssBaseScore": 5.6,
      "vulnerabilityDetected": "2022-05-19T16:46:42Z",
      "maxSecondsExposed": 72212,
      "vulnerableServers": 0,
      "patchedServers": 1
    },
    {
      "id": "CVE-2021-38951",
      "securityBulletinId": "f5697581-ef60-3b61-a7bd-f7a35fe31c09",
      "description": "IBM WebSphere Application Server is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available CPU resources.",
      "cvssBaseScore": 7.5,
      "vulnerabilityDetected": "2022-05-19T16:46:42Z",
      "maxSecondsExposed": 72212,
      "vulnerableServers": 0,
      "patchedServers": 1
    },
    {
      "id": "CVE-2021-35550",
      "securityBulletinId": "496d4509-dfe8-3072-a8be-2d394683bf21",
      "description": "An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.",
      "cvssBaseScore": 5.9,
      "vulnerabilityDetected": "2022-05-19T16:46:41Z",
      "maxSecondsExposed": 72211,
      "vulnerableServers": 0,
      "patchedServers": 1
    },
    {
      "id": "CVE-2022-21299",
      "securityBulletinId": "12959664-bdcc-396a-b0af-f15886b07354",
      "description": "An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.",
      "cvssBaseScore": 5.3,
      "vulnerabilityDetected": "2022-06-13T17:31:56Z",
      "maxSecondsExposed": 245690,
      "vulnerableServers": 0,
      "patchedServers": 2
    },
    {
      "id": "CVE-2022-21496",
      "securityBulletinId": "12959664-bdcc-396a-b0af-f15886b07354",
      "description": "An unspecified vulnerability in Java SE related to the JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.",
      "cvssBaseScore": 5.3,
      "vulnerabilityDetected": "2022-06-13T17:31:56Z",
      "maxSecondsExposed": 245690,
      "vulnerableServers": 0,
      "patchedServers": 2
    }
  ]
}

For this example, we can see that there were 9 CVE impact summaries detected in this environment which have previously been remedied by applying iFixes to the servers. Using the APIs, the maximum number of results returned is determined by the 'limit' parameter. The value must be an integer between 1 and 100. The default 'limit' parameter is 25.

You can find more IBM Docs related to WebSphere Automation at https://www.ibm.com/docs/en/ws-automation.
#websphere #automation #WSA #WebSphereAutomation

0 comments

27 views

WebSphere Application Server & Liberty

WebSphere Automation "How To" Series #14 : How to get CVE impact summaries using APIs

By Brian Hanczaryk posted Tue June 21, 2022 06:55 AM

Permalink