CVE-2018-1664

Name of the Vulnerable Software and Affected Versions IBM DataPower Gateway versions 7.1.0.0 through 7.1.0.23 IBM DataPower Gateway versions 7.2.0.0 through 7.2.0.21 IBM DataPower Gateway versions 7.5.0.0 through 7.5.0.16 IBM DataPower Gateway versions 7.5.1.0 through 7.5.1.15 IBM DataPower Gateway versions 7.5.2.0 through 7.5.2.15 IBM DataPower Gateway versions 7.6.0.0 through 7.6.0.8 IBM DataPower Gateway CD versions 7.7.0.0 through 7.7.1.2

Description The echoing of AMP management interface authorization headers in IBM DataPower Gateway exposes login credentials in the browser cache.

Recommendations For IBM DataPower Gateway versions 7.1.0.0 through 7.1.0.23, update to a version outside of this range to resolve the issue. For IBM DataPower Gateway versions 7.2.0.0 through 7.2.0.21, update to a version outside of this range to resolve the issue. For IBM DataPower Gateway versions 7.5.0.0 through 7.5.0.16, update to a version outside of this range to resolve the issue. For IBM DataPower Gateway versions 7.5.1.0 through 7.5.1.15, update to a version outside of this range to resolve the issue. For IBM DataPower Gateway versions 7.5.2.0 through 7.5.2.15, update to a version outside of this range to resolve the issue. For IBM DataPower Gateway versions 7.6.0.0 through 7.6.0.8, update to a version outside of this range to resolve the issue. For IBM DataPower Gateway CD versions 7.7.0.0 through 7.7.1.2, update to a version outside of this range to resolve the issue.