CVE-2018-1664

Summary

IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 echoing of AMP management interface authorization headers exposes login credentials in browser cache. IBM X-Force ID: 144890.

Affected Software

VendorProductVersion RangeStatus
IBMDataPower Gateway CD7.7.0.0affected
IBMDataPower Gateway CD7.7.1.2affected
IBMDataPower Gateways7.1.0.0affected
IBMDataPower Gateways7.1.0.23affected
IBMDataPower Gateways7.2.0.0affected
IBMDataPower Gateways7.2.0.21affected
IBMDataPower Gateways7.5.0.0affected
IBMDataPower Gateways7.5.1.0affected
IBMDataPower Gateways7.6.0.0affected
IBMDataPower Gateways7.5.2.0affected
IBMDataPower Gateways7.5.0.16affected
IBMDataPower Gateways7.5.1.15affected
IBMDataPower Gateways7.6.0.8affected
IBMDataPower Gateways7.5.2.15affected

Weaknesses

  • Obtain Information

ADP Enrichment

CVE Program Container

Additional References

References