CVE-2018-1669

Name of the Vulnerable Software and Affected Versions IBM DataPower Gateway versions 7.1.0.0 through 7.1.0.23 IBM DataPower Gateway versions 7.2.0.0 through 7.2.0.21 IBM DataPower Gateway versions 7.5.0.0 through 7.5.0.16 IBM DataPower Gateway versions 7.5.1.0 through 7.5.1.15 IBM DataPower Gateway versions 7.5.2.0 through 7.5.2.15 IBM DataPower Gateway versions 7.6.0.0 through 7.6.0.8 IBM DataPower Gateway CD versions 7.7.0.0 through 7.7.1.2

Description The issue allows a remote attacker to exploit the vulnerability and expose sensitive information or consume memory resources through a XML External Entity Injection (XXE) attack when processing XML data.

Recommendations For IBM DataPower Gateway versions 7.1.0.0 through 7.1.0.23, update to a version outside of this range to resolve the issue. For IBM DataPower Gateway versions 7.2.0.0 through 7.2.0.21, update to a version outside of this range to resolve the issue. For IBM DataPower Gateway versions 7.5.0.0 through 7.5.0.16, update to a version outside of this range to resolve the issue. For IBM DataPower Gateway versions 7.5.1.0 through 7.5.1.15, update to a version outside of this range to resolve the issue. For IBM DataPower Gateway versions 7.5.2.0 through 7.5.2.15, update to a version outside of this range to resolve the issue. For IBM DataPower Gateway versions 7.6.0.0 through 7.6.0.8, update to a version outside of this range to resolve the issue. For IBM DataPower Gateway CD versions 7.7.0.0 through 7.7.1.2, update to a version outside of this range to resolve the issue.