CVE-2018-1668
5.3
CVSS:3.0/A:N/AC:L/AV:N/C:L/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O
Summary
IBM DataPower Gateway 7.5.0.0 through 7.5.0.19, 7.5.1.0 through 7.5.1.18, 7.5.2.0 through 7.5.2.18, and 7.6.0.0 through 7.6.0.11 appliances allows "null" logins which could give read access to IPMI data to obtain sensitive information. IBM X-Force ID: 144894.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| IBM | DataPower Gateway | 7.6.0.0 | affected |
| IBM | DataPower Gateway | 7.5.2.0 | affected |
| IBM | DataPower Gateway | 7.5.1.0 | affected |
| IBM | DataPower Gateway | 7.5.0.0 | affected |
| IBM | DataPower Gateway | 7.5.0.19 | affected |
| IBM | DataPower Gateway | 7.5.1.18 | affected |
| IBM | DataPower Gateway | 7.5.2.18 | affected |
| IBM | DataPower Gateway | 7.6.0.11 | affected |
Weaknesses
- Obtain Information
ADP Enrichment
CVE Program Container
Additional References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/144894
- https://www.ibm.com/support/docview.wss?uid=ibm10794735
References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/144894
- https://www.ibm.com/support/docview.wss?uid=ibm10794735
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.