Search criteria
10 vulnerabilities found for DataPower Gateways by IBM
CVE-2018-1661 (GCVE-0-2018-1661)
Vulnerability from cvelistv5 – Published: 2018-12-20 14:00 – Updated: 2024-09-16 23:51
VLAI?
Summary
IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 144887.
Severity ?
CWE
- Gain Access
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | DataPower Gateways |
Affected:
7.5
Affected: 7.5.1 Affected: 7.5.2 Affected: 7.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:07:43.998Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-websphere-cve20181661-csrf(144887)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144887"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10744189"
},
{
"name": "106329",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106329"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DataPower Gateways",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "7.5.1"
},
{
"status": "affected",
"version": "7.5.2"
},
{
"status": "affected",
"version": "7.6"
}
]
}
],
"datePublic": "2018-12-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 144887."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:N/I:H/PR:N/S:U/UI:R/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-28T10:57:01.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-websphere-cve20181661-csrf(144887)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144887"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10744189"
},
{
"name": "106329",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106329"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-12-12T00:00:00",
"ID": "CVE-2018-1661",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DataPower Gateways",
"version": {
"version_data": [
{
"version_value": "7.5"
},
{
"version_value": "7.5.1"
},
{
"version_value": "7.5.2"
},
{
"version_value": "7.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 144887."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "N",
"I": "H",
"PR": "N",
"S": "U",
"UI": "R"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-websphere-cve20181661-csrf(144887)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144887"
},
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10744189",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10744189"
},
{
"name": "106329",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106329"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1661",
"datePublished": "2018-12-20T14:00:00.000Z",
"dateReserved": "2017-12-13T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:51:14.454Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1677 (GCVE-0-2018-1677)
Vulnerability from cvelistv5 – Published: 2018-12-20 14:00 – Updated: 2024-09-16 20:17
VLAI?
Summary
IBM DataPower Gateways 7.1, 7.2, 7.5, 7.5.1, 7.5.2, 7.6, and 7.7 and IBM MQ Appliance are vulnerable to a denial of service, caused by the improper handling of full file system. A local attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 145171.
Severity ?
CWE
- Denial of Service
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | DataPower Gateways |
Affected:
7.1
Affected: 7.2 Affected: 7.5 Affected: 7.5.1 Affected: 7.5.2 Affected: 7.6 Affected: 7.7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:07:44.337Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-websphere-cve20181677-dos(145171)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145171"
},
{
"name": "106284",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106284"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10744555"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DataPower Gateways",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "7.2"
},
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "7.5.1"
},
{
"status": "affected",
"version": "7.5.2"
},
{
"status": "affected",
"version": "7.6"
},
{
"status": "affected",
"version": "7.7"
}
]
}
],
"datePublic": "2018-12-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM DataPower Gateways 7.1, 7.2, 7.5, 7.5.1, 7.5.2, 7.6, and 7.7 and IBM MQ Appliance are vulnerable to a denial of service, caused by the improper handling of full file system. A local attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 145171."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:H/AC:H/AV:L/C:N/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-25T10:57:01.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-websphere-cve20181677-dos(145171)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145171"
},
{
"name": "106284",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106284"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10744555"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-12-12T00:00:00",
"ID": "CVE-2018-1677",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DataPower Gateways",
"version": {
"version_data": [
{
"version_value": "7.1"
},
{
"version_value": "7.2"
},
{
"version_value": "7.5"
},
{
"version_value": "7.5.1"
},
{
"version_value": "7.5.2"
},
{
"version_value": "7.6"
},
{
"version_value": "7.7"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM DataPower Gateways 7.1, 7.2, 7.5, 7.5.1, 7.5.2, 7.6, and 7.7 and IBM MQ Appliance are vulnerable to a denial of service, caused by the improper handling of full file system. A local attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 145171."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "H",
"AV": "L",
"C": "N",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-websphere-cve20181677-dos(145171)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145171"
},
{
"name": "106284",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106284"
},
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10744555",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10744555"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1677",
"datePublished": "2018-12-20T14:00:00.000Z",
"dateReserved": "2017-12-13T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:17:29.202Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1667 (GCVE-0-2018-1667)
Vulnerability from cvelistv5 – Published: 2018-12-13 16:00 – Updated: 2024-09-16 17:03
VLAI?
Summary
IBM DataPower Gateway 7.6.0.0 through 7.6.0.10, 7.5.2.0 through 7.5.2.17, 7.5.1.0 through 7.5.1.17, 7.5.0.0 through 7.5.0.18, and 7.7.0.0 through 7.7.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 144893.
Severity ?
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | DataPower Gateways |
Affected:
7.5.0.0
Affected: 7.5.1.0 Affected: 7.6.0.0 Affected: 7.5.2.0 Affected: 7.7.0.0 Affected: 7.5.0.18 Affected: 7.5.1.17 Affected: 7.5.2.17 Affected: 7.6.0.10 Affected: 7.7.1.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:07:44.091Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10744209"
},
{
"name": "ibm-websphere-cve20181667-xss(144893)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144893"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DataPower Gateways",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.5.0.0"
},
{
"status": "affected",
"version": "7.5.1.0"
},
{
"status": "affected",
"version": "7.6.0.0"
},
{
"status": "affected",
"version": "7.5.2.0"
},
{
"status": "affected",
"version": "7.7.0.0"
},
{
"status": "affected",
"version": "7.5.0.18"
},
{
"status": "affected",
"version": "7.5.1.17"
},
{
"status": "affected",
"version": "7.5.2.17"
},
{
"status": "affected",
"version": "7.6.0.10"
},
{
"status": "affected",
"version": "7.7.1.3"
}
]
}
],
"datePublic": "2018-12-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM DataPower Gateway 7.6.0.0 through 7.6.0.10, 7.5.2.0 through 7.5.2.17, 7.5.1.0 through 7.5.1.17, 7.5.0.0 through 7.5.0.18, and 7.7.0.0 through 7.7.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 144893."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:H/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-13T15:57:01.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10744209"
},
{
"name": "ibm-websphere-cve20181667-xss(144893)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144893"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-12-11T00:00:00",
"ID": "CVE-2018-1667",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DataPower Gateways",
"version": {
"version_data": [
{
"version_value": "7.5.0.0"
},
{
"version_value": "7.5.1.0"
},
{
"version_value": "7.6.0.0"
},
{
"version_value": "7.5.2.0"
},
{
"version_value": "7.7.0.0"
},
{
"version_value": "7.5.0.18"
},
{
"version_value": "7.5.1.17"
},
{
"version_value": "7.5.2.17"
},
{
"version_value": "7.6.0.10"
},
{
"version_value": "7.7.1.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM DataPower Gateway 7.6.0.0 through 7.6.0.10, 7.5.2.0 through 7.5.2.17, 7.5.1.0 through 7.5.1.17, 7.5.0.0 through 7.5.0.18, and 7.7.0.0 through 7.7.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 144893."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10744209",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10744209"
},
{
"name": "ibm-websphere-cve20181667-xss(144893)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144893"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1667",
"datePublished": "2018-12-13T16:00:00.000Z",
"dateReserved": "2017-12-13T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:03:41.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1652 (GCVE-0-2018-1652)
Vulnerability from cvelistv5 – Published: 2018-12-11 16:00 – Updated: 2024-09-16 17:54
VLAI?
Summary
IBM DataPower Gateway 7.1.0.0 through 7.1.0.19, 7.2.0.0 through 7.2.0.16, 7.5.0.0 through 7.5.0.10, 7.5.1.0 through 7.5.1.9, 7.5.2.0 through 7.5.2.9, and 7.6.0.0 through 7.6.0.2 and IBM MQ Appliance 8.0.0.0 through 8.0.0.8 and 9.0.1 through 9.0.5 could allow a local user to cause a denial of service through unknown vectors. IBM X-Force ID: 144724.
Severity ?
CWE
- Denial of Service
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | DataPower Gateways |
Affected:
7.1.0.0
Affected: 7.2.0.0 Affected: 7.5.0.0 Affected: 7.5.1.0 Affected: 7.6.0.0 Affected: 7.5.2.0 Affected: 7.6.0.2 Affected: 7.5.2.9 Affected: 7.5.1.9 Affected: 7.5.0.10 Affected: 7.2.0.16 Affected: 7.1.0.19 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:07:44.070Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-mq-cve20181652-dos(144724)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144724"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10717483"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10744557"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DataPower Gateways",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.1.0.0"
},
{
"status": "affected",
"version": "7.2.0.0"
},
{
"status": "affected",
"version": "7.5.0.0"
},
{
"status": "affected",
"version": "7.5.1.0"
},
{
"status": "affected",
"version": "7.6.0.0"
},
{
"status": "affected",
"version": "7.5.2.0"
},
{
"status": "affected",
"version": "7.6.0.2"
},
{
"status": "affected",
"version": "7.5.2.9"
},
{
"status": "affected",
"version": "7.5.1.9"
},
{
"status": "affected",
"version": "7.5.0.10"
},
{
"status": "affected",
"version": "7.2.0.16"
},
{
"status": "affected",
"version": "7.1.0.19"
}
]
},
{
"product": "MQ Appliance",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0.1"
},
{
"status": "affected",
"version": "9.0.5"
},
{
"status": "affected",
"version": "8.0.0.0"
},
{
"status": "affected",
"version": "8.0.0.8"
}
]
}
],
"datePublic": "2018-12-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM DataPower Gateway 7.1.0.0 through 7.1.0.19, 7.2.0.0 through 7.2.0.16, 7.5.0.0 through 7.5.0.10, 7.5.1.0 through 7.5.1.9, 7.5.2.0 through 7.5.2.9, and 7.6.0.0 through 7.6.0.2 and IBM MQ Appliance 8.0.0.0 through 8.0.0.8 and 9.0.1 through 9.0.5 could allow a local user to cause a denial of service through unknown vectors. IBM X-Force ID: 144724."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.4,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:H/AC:L/AV:L/C:N/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-11T15:57:01.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-mq-cve20181652-dos(144724)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144724"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10717483"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10744557"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-12-10T00:00:00",
"ID": "CVE-2018-1652",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DataPower Gateways",
"version": {
"version_data": [
{
"version_value": "7.1.0.0"
},
{
"version_value": "7.2.0.0"
},
{
"version_value": "7.5.0.0"
},
{
"version_value": "7.5.1.0"
},
{
"version_value": "7.6.0.0"
},
{
"version_value": "7.5.2.0"
},
{
"version_value": "7.6.0.2"
},
{
"version_value": "7.5.2.9"
},
{
"version_value": "7.5.1.9"
},
{
"version_value": "7.5.0.10"
},
{
"version_value": "7.2.0.16"
},
{
"version_value": "7.1.0.19"
}
]
}
},
{
"product_name": "MQ Appliance",
"version": {
"version_data": [
{
"version_value": "9.0.1"
},
{
"version_value": "9.0.5"
},
{
"version_value": "8.0.0.0"
},
{
"version_value": "8.0.0.8"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM DataPower Gateway 7.1.0.0 through 7.1.0.19, 7.2.0.0 through 7.2.0.16, 7.5.0.0 through 7.5.0.10, 7.5.1.0 through 7.5.1.9, 7.5.2.0 through 7.5.2.9, and 7.6.0.0 through 7.6.0.2 and IBM MQ Appliance 8.0.0.0 through 8.0.0.8 and 9.0.1 through 9.0.5 could allow a local user to cause a denial of service through unknown vectors. IBM X-Force ID: 144724."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "L",
"AV": "L",
"C": "N",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-mq-cve20181652-dos(144724)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144724"
},
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10717483",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10717483"
},
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10744557",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10744557"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1652",
"datePublished": "2018-12-11T16:00:00.000Z",
"dateReserved": "2017-12-13T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:54:00.095Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1663 (GCVE-0-2018-1663)
Vulnerability from cvelistv5 – Published: 2018-12-07 16:00 – Updated: 2024-09-17 01:41
VLAI?
Summary
IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, 7.6, and 2018.4 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 144889.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | DataPower Gateways |
Affected:
7.5
Affected: 7.5.1 Affected: 7.5.2 Affected: 7.6 Affected: 2018.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:07:44.094Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-websphere-cve20181663-info-disc(144889)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144889"
},
{
"name": "106199",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106199"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10740033"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DataPower Gateways",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "7.5.1"
},
{
"status": "affected",
"version": "7.5.2"
},
{
"status": "affected",
"version": "7.6"
},
{
"status": "affected",
"version": "2018.4"
}
]
}
],
"datePublic": "2018-12-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, 7.6, and 2018.4 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 144889."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:N/AC:H/AV:N/C:H/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-14T10:57:02.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-websphere-cve20181663-info-disc(144889)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144889"
},
{
"name": "106199",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106199"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10740033"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-12-05T00:00:00",
"ID": "CVE-2018-1663",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DataPower Gateways",
"version": {
"version_data": [
{
"version_value": "7.5"
},
{
"version_value": "7.5.1"
},
{
"version_value": "7.5.2"
},
{
"version_value": "7.6"
},
{
"version_value": "2018.4"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, 7.6, and 2018.4 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 144889."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "N",
"C": "H",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-websphere-cve20181663-info-disc(144889)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144889"
},
{
"name": "106199",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106199"
},
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10740033",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10740033"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1663",
"datePublished": "2018-12-07T16:00:00.000Z",
"dateReserved": "2017-12-13T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:41:02.926Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1669 (GCVE-0-2018-1669)
Vulnerability from cvelistv5 – Published: 2018-09-25 16:00 – Updated: 2024-09-16 22:21
VLAI?
Summary
IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 144950.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | DataPower Gateways |
Affected:
7.1.0.0
Affected: 7.1.0.23 Affected: 7.2.0.0 Affected: 7.2.0.21 Affected: 7.5.0.0 Affected: 7.5.1.0 Affected: 7.6.0.0 Affected: 7.5.2.0 Affected: 7.5.0.16 Affected: 7.5.1.15 Affected: 7.6.0.8 Affected: 7.5.2.15 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:07:44.152Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10730489"
},
{
"name": "ibm-websphere-cve20181669-info-disc(144950)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144950"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DataPower Gateways",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.1.0.0"
},
{
"status": "affected",
"version": "7.1.0.23"
},
{
"status": "affected",
"version": "7.2.0.0"
},
{
"status": "affected",
"version": "7.2.0.21"
},
{
"status": "affected",
"version": "7.5.0.0"
},
{
"status": "affected",
"version": "7.5.1.0"
},
{
"status": "affected",
"version": "7.6.0.0"
},
{
"status": "affected",
"version": "7.5.2.0"
},
{
"status": "affected",
"version": "7.5.0.16"
},
{
"status": "affected",
"version": "7.5.1.15"
},
{
"status": "affected",
"version": "7.6.0.8"
},
{
"status": "affected",
"version": "7.5.2.15"
}
]
},
{
"product": "DataPower Gateway CD",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.7.0.0"
},
{
"status": "affected",
"version": "7.7.1.2"
}
]
}
],
"datePublic": "2018-09-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 144950."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:L/AC:L/AV:N/C:H/I:N/PR:L/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-25T15:57:01.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10730489"
},
{
"name": "ibm-websphere-cve20181669-info-disc(144950)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144950"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-09-20T00:00:00",
"ID": "CVE-2018-1669",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DataPower Gateways",
"version": {
"version_data": [
{
"version_value": "7.1.0.0"
},
{
"version_value": "7.1.0.23"
},
{
"version_value": "7.2.0.0"
},
{
"version_value": "7.2.0.21"
},
{
"version_value": "7.5.0.0"
},
{
"version_value": "7.5.1.0"
},
{
"version_value": "7.6.0.0"
},
{
"version_value": "7.5.2.0"
},
{
"version_value": "7.5.0.16"
},
{
"version_value": "7.5.1.15"
},
{
"version_value": "7.6.0.8"
},
{
"version_value": "7.5.2.15"
}
]
}
},
{
"product_name": "DataPower Gateway CD",
"version": {
"version_data": [
{
"version_value": "7.7.0.0"
},
{
"version_value": "7.7.1.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 144950."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "L",
"AC": "L",
"AV": "N",
"C": "H",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10730489",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10730489"
},
{
"name": "ibm-websphere-cve20181669-info-disc(144950)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144950"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1669",
"datePublished": "2018-09-25T16:00:00.000Z",
"dateReserved": "2017-12-13T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:21:18.055Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1664 (GCVE-0-2018-1664)
Vulnerability from cvelistv5 – Published: 2018-09-25 16:00 – Updated: 2024-09-17 03:07
VLAI?
Summary
IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 echoing of AMP management interface authorization headers exposes login credentials in browser cache. IBM X-Force ID: 144890.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | DataPower Gateway CD |
Affected:
7.7.0.0
Affected: 7.7.1.2 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:07:44.031Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-websphere-cve20181664-info-disc(144890)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144890"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10730509"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DataPower Gateway CD",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.7.0.0"
},
{
"status": "affected",
"version": "7.7.1.2"
}
]
},
{
"product": "DataPower Gateways",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.1.0.0"
},
{
"status": "affected",
"version": "7.1.0.23"
},
{
"status": "affected",
"version": "7.2.0.0"
},
{
"status": "affected",
"version": "7.2.0.21"
},
{
"status": "affected",
"version": "7.5.0.0"
},
{
"status": "affected",
"version": "7.5.1.0"
},
{
"status": "affected",
"version": "7.6.0.0"
},
{
"status": "affected",
"version": "7.5.2.0"
},
{
"status": "affected",
"version": "7.5.0.16"
},
{
"status": "affected",
"version": "7.5.1.15"
},
{
"status": "affected",
"version": "7.6.0.8"
},
{
"status": "affected",
"version": "7.5.2.15"
}
]
}
],
"datePublic": "2018-09-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 echoing of AMP management interface authorization headers exposes login credentials in browser cache. IBM X-Force ID: 144890."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.4,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:N/AC:L/AV:L/C:H/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-25T15:57:01.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-websphere-cve20181664-info-disc(144890)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144890"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10730509"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-09-20T00:00:00",
"ID": "CVE-2018-1664",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DataPower Gateway CD",
"version": {
"version_data": [
{
"version_value": "7.7.0.0"
},
{
"version_value": "7.7.1.2"
}
]
}
},
{
"product_name": "DataPower Gateways",
"version": {
"version_data": [
{
"version_value": "7.1.0.0"
},
{
"version_value": "7.1.0.23"
},
{
"version_value": "7.2.0.0"
},
{
"version_value": "7.2.0.21"
},
{
"version_value": "7.5.0.0"
},
{
"version_value": "7.5.1.0"
},
{
"version_value": "7.6.0.0"
},
{
"version_value": "7.5.2.0"
},
{
"version_value": "7.5.0.16"
},
{
"version_value": "7.5.1.15"
},
{
"version_value": "7.6.0.8"
},
{
"version_value": "7.5.2.15"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 echoing of AMP management interface authorization headers exposes login credentials in browser cache. IBM X-Force ID: 144890."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "L",
"C": "H",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-websphere-cve20181664-info-disc(144890)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144890"
},
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10730509",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10730509"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1664",
"datePublished": "2018-09-25T16:00:00.000Z",
"dateReserved": "2017-12-13T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:07:40.633Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1421 (GCVE-0-2018-1421)
Vulnerability from cvelistv5 – Published: 2018-04-04 18:00 – Updated: 2024-09-16 22:25
VLAI?
Summary
IBM WebSphere DataPower Appliances 7.1, 7.2, 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 139023.
Severity ?
7.1 (High)
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | DataPower Gateways |
Affected:
7.1
Affected: 7.2 Affected: 7.5 Affected: 7.5.1 Affected: 7.5.2 Affected: 7.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:39.035Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139023"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22015055"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DataPower Gateways",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "7.2"
},
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "7.5.1"
},
{
"status": "affected",
"version": "7.5.2"
},
{
"status": "affected",
"version": "7.6"
}
]
}
],
"datePublic": "2018-04-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere DataPower Appliances 7.1, 7.2, 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 139023."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:L/AC:L/AV:N/C:H/I:N/PR:L/S:U/UI:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-04T17:57:01.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139023"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22015055"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-04-03T00:00:00",
"ID": "CVE-2018-1421",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DataPower Gateways",
"version": {
"version_data": [
{
"version_value": "7.1"
},
{
"version_value": "7.2"
},
{
"version_value": "7.5"
},
{
"version_value": "7.5.1"
},
{
"version_value": "7.5.2"
},
{
"version_value": "7.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere DataPower Appliances 7.1, 7.2, 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 139023."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "L",
"AC": "L",
"AV": "N",
"C": "H",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139023",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139023"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22015055",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22015055"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1421",
"datePublished": "2018-04-04T18:00:00.000Z",
"dateReserved": "2017-12-13T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:25:52.548Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1773 (GCVE-0-2017-1773)
Vulnerability from cvelistv5 – Published: 2018-01-31 15:00 – Updated: 2024-09-16 17:38
VLAI?
Summary
IBM DataPower Gateways 7.1, 7,2, 7.5, and 7.6 could allow an attacker using man-in-the-middle techniques to spoof DNS responses to perform DNS cache poisoning and redirect Internet traffic. IBM X-Force ID: 136817.
Severity ?
No CVSS data available.
CWE
- Gain Access
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | DataPower Gateways |
Affected:
7.1
Affected: 7.2 Affected: 7.5 Affected: 7.5.1 Affected: 7.5.2 Affected: 7.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:32.369Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012758"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/136817"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DataPower Gateways",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "7.2"
},
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "7.5.1"
},
{
"status": "affected",
"version": "7.5.2"
},
{
"status": "affected",
"version": "7.6"
}
]
}
],
"datePublic": "2018-01-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM DataPower Gateways 7.1, 7,2, 7.5, and 7.6 could allow an attacker using man-in-the-middle techniques to spoof DNS responses to perform DNS cache poisoning and redirect Internet traffic. IBM X-Force ID: 136817."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-31T14:57:01.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012758"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/136817"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-01-30T00:00:00",
"ID": "CVE-2017-1773",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DataPower Gateways",
"version": {
"version_data": [
{
"version_value": "7.1"
},
{
"version_value": "7.2"
},
{
"version_value": "7.5"
},
{
"version_value": "7.5.1"
},
{
"version_value": "7.5.2"
},
{
"version_value": "7.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM DataPower Gateways 7.1, 7,2, 7.5, and 7.6 could allow an attacker using man-in-the-middle techniques to spoof DNS responses to perform DNS cache poisoning and redirect Internet traffic. IBM X-Force ID: 136817."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22012758",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012758"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/136817",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/136817"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1773",
"datePublished": "2018-01-31T15:00:00.000Z",
"dateReserved": "2016-11-30T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:38:15.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1591 (GCVE-0-2017-1591)
Vulnerability from cvelistv5 – Published: 2017-09-27 17:00 – Updated: 2024-09-16 18:55
VLAI?
Summary
IBM WebSphere DataPower Appliances 7.0.0 through 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132368.
Severity ?
No CVSS data available.
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | DataPower Gateways |
Affected:
7.0.0
Affected: 7.1 Affected: 7.2 Affected: 7.5 Affected: 7.5.1 Affected: 7.5.2 Affected: 7.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:31.482Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22008815"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132368"
},
{
"name": "101021",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101021"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DataPower Gateways",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0.0"
},
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "7.2"
},
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "7.5.1"
},
{
"status": "affected",
"version": "7.5.2"
},
{
"status": "affected",
"version": "7.6"
}
]
}
],
"datePublic": "2017-09-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere DataPower Appliances 7.0.0 through 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132368."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-02T19:57:01.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22008815"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132368"
},
{
"name": "101021",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101021"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-09-25T00:00:00",
"ID": "CVE-2017-1591",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DataPower Gateways",
"version": {
"version_data": [
{
"version_value": "7.0.0"
},
{
"version_value": "7.1"
},
{
"version_value": "7.2"
},
{
"version_value": "7.5"
},
{
"version_value": "7.5.1"
},
{
"version_value": "7.5.2"
},
{
"version_value": "7.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere DataPower Appliances 7.0.0 through 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132368."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22008815",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22008815"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132368",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132368"
},
{
"name": "101021",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101021"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1591",
"datePublished": "2017-09-27T17:00:00.000Z",
"dateReserved": "2016-11-30T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:55:34.902Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}