CVE-2018-1669

Summary

IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 144950.

Affected Software

VendorProductVersion RangeStatus
IBMDataPower Gateways7.1.0.0affected
IBMDataPower Gateways7.1.0.23affected
IBMDataPower Gateways7.2.0.0affected
IBMDataPower Gateways7.2.0.21affected
IBMDataPower Gateways7.5.0.0affected
IBMDataPower Gateways7.5.1.0affected
IBMDataPower Gateways7.6.0.0affected
IBMDataPower Gateways7.5.2.0affected
IBMDataPower Gateways7.5.0.16affected
IBMDataPower Gateways7.5.1.15affected
IBMDataPower Gateways7.6.0.8affected
IBMDataPower Gateways7.5.2.15affected
IBMDataPower Gateway CD7.7.0.0affected
IBMDataPower Gateway CD7.7.1.2affected

Weaknesses

  • Obtain Information

ADP Enrichment

CVE Program Container

Additional References

References