PT-2018-13686 · Ibm · Ibm Datapower Gateway
Jeremy Soh
+1
·
Publicado
2018-12-13
·
Atualizado
2019-10-09
·
CVE-2018-1667
CVSS v3.1
5.4
Média
| Vetor | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
IBM DataPower Gateway versions 7.5.0.0 through 7.5.0.18
IBM DataPower Gateway versions 7.5.1.0 through 7.5.1.17
IBM DataPower Gateway versions 7.5.2.0 through 7.5.2.17
IBM DataPower Gateway versions 7.6.0.0 through 7.6.0.10
IBM DataPower Gateway versions 7.7.0.0 through 7.7.1.3
Description
The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
Recommendations
For versions 7.5.0.0 through 7.5.0.18, update to a fixed version to resolve the issue.
For versions 7.5.1.0 through 7.5.1.17, update to a fixed version to resolve the issue.
For versions 7.5.2.0 through 7.5.2.17, update to a fixed version to resolve the issue.
For versions 7.6.0.0 through 7.6.0.10, update to a fixed version to resolve the issue.
For versions 7.7.0.0 through 7.7.1.3, update to a fixed version to resolve the issue.
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Ibm Datapower Gateway