CVE-2018-1666

Summary

IBM DataPower Gateway 2018.4.1.0, 7.6.0.0 through 7.6.0.11, 7.5.2.0 through 7.5.2.18, 7.5.1.0 through 7.5.1.18, 7.5.0.0 through 7.5.0.19, and 7.7.0.0 through 7.7.1.3 could allow an authenticated user to inject arbitrary messages that would be displayed on the UI. IBM X-Force ID: 144892.

Affected Software

VendorProductVersion RangeStatus
IBMDataPower Gateway7.6.0.0affected
IBMDataPower Gateway7.5.2.0affected
IBMDataPower Gateway7.5.1.0affected
IBMDataPower Gateway7.5.0.0affected
IBMDataPower Gateway7.7.0.0affected
IBMDataPower Gateway7.7.1.3affected
IBMDataPower Gateway7.5.0.19affected
IBMDataPower Gateway7.5.1.18affected
IBMDataPower Gateway7.5.2.18affected
IBMDataPower Gateway7.6.0.11affected
IBMDataPower Gateway2018.4.1.0affected

Weaknesses

  • Other

ADP Enrichment

CVE Program Container

Additional References

References