PT-2019-17143 · IBM · IBM DataPower Gateway

Published: 2019-12-09 · Updated: 2019-12-17 · CVE-2019-4621

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

IBM DataPower Gateway versions 6.0.0 through 6.0.14
IBM DataPower Gateway versions 7.6.0.0 through 7.6.0 (no end version specified, assuming up to but not including the next major release)
IBM DataPower Gateway versions 2018.4.1.0 through 2018.4.1.5

Description

The issue concerns a default administrator account that is enabled when the IPMI LAN channel is enabled, allowing a remote attacker to gain unauthorized access to the BMC.

Recommendations

For IBM DataPower Gateway versions 6.0.0 through 6.0.14, disable the default administrator account or restrict access to the IPMI LAN channel.
For IBM DataPower Gateway versions 7.6.0.0, disable the default administrator account or restrict access to the IPMI LAN channel.
For IBM DataPower Gateway versions 2018.4.1.0 through 2018.4.1.5, disable the default administrator account or restrict access to the IPMI LAN channel.

Fix

Weakness Enumeration

Related Identifiers

CVE-2019-4621

Affected Products

IBM DataPower Gateway