CVE-2018-1666

Name of the Vulnerable Software and Affected Versions IBM DataPower Gateway versions 7.5.0.0 through 7.5.0.19 IBM DataPower Gateway versions 7.5.1.0 through 7.5.1.18 IBM DataPower Gateway versions 7.5.2.0 through 7.5.2.18 IBM DataPower Gateway versions 7.6.0.0 through 7.6.0.11 IBM DataPower Gateway versions 7.7.0.0 through 7.7.1.3 IBM DataPower Gateway version 2018.4.1.0

Description The issue allows an authenticated user to inject arbitrary messages that would be displayed on the UI.

Recommendations For IBM DataPower Gateway version 2018.4.1.0, update to a version that fixes this issue. For IBM DataPower Gateway versions 7.5.0.0 through 7.5.0.19, update to a version that fixes this issue. For IBM DataPower Gateway versions 7.5.1.0 through 7.5.1.18, update to a version that fixes this issue. For IBM DataPower Gateway versions 7.5.2.0 through 7.5.2.18, update to a version that fixes this issue. For IBM DataPower Gateway versions 7.6.0.0 through 7.6.0.11, update to a version that fixes this issue. For IBM DataPower Gateway versions 7.7.0.0 through 7.7.1.3, update to a version that fixes this issue.