CVE-2018-1666
4.3
CVSS:3.0/A:N/AC:L/AV:N/C:N/I:L/PR:L/S:U/UI:N/E:U/RC:C/RL:O
Summary
IBM DataPower Gateway 2018.4.1.0, 7.6.0.0 through 7.6.0.11, 7.5.2.0 through 7.5.2.18, 7.5.1.0 through 7.5.1.18, 7.5.0.0 through 7.5.0.19, and 7.7.0.0 through 7.7.1.3 could allow an authenticated user to inject arbitrary messages that would be displayed on the UI. IBM X-Force ID: 144892.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| IBM | DataPower Gateway | 7.6.0.0 | affected |
| IBM | DataPower Gateway | 7.5.2.0 | affected |
| IBM | DataPower Gateway | 7.5.1.0 | affected |
| IBM | DataPower Gateway | 7.5.0.0 | affected |
| IBM | DataPower Gateway | 7.7.0.0 | affected |
| IBM | DataPower Gateway | 7.7.1.3 | affected |
| IBM | DataPower Gateway | 7.5.0.19 | affected |
| IBM | DataPower Gateway | 7.5.1.18 | affected |
| IBM | DataPower Gateway | 7.5.2.18 | affected |
| IBM | DataPower Gateway | 7.6.0.11 | affected |
| IBM | DataPower Gateway | 2018.4.1.0 | affected |
Weaknesses
- Other
ADP Enrichment
CVE Program Container
Additional References
- https://www.ibm.com/support/docview.wss?uid=ibm10744205
- https://exchange.xforce.ibmcloud.com/vulnerabilities/144892
References
- https://www.ibm.com/support/docview.wss?uid=ibm10744205
- https://exchange.xforce.ibmcloud.com/vulnerabilities/144892
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.