PT-2019-9366 · Ibm · Ibm Datapower Gateway

Jeremy Soh

Publicado

2019-01-29

Atualizado

2020-08-24

CVE-2018-1668

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions IBM DataPower Gateway versions 7.5.0.0 through 7.5.2.18 IBM DataPower Gateway versions 7.6.0.0 through 7.6.0.11

Description The issue allows "null" logins, which could give read access to IPMI data, potentially leading to the exposure of sensitive information.

Recommendations For IBM DataPower Gateway versions 7.5.0.0 through 7.5.2.18, update to a version outside of the affected range to prevent "null" logins and restrict access to IPMI data. For IBM DataPower Gateway versions 7.6.0.0 through 7.6.0.11, update to a version outside of the affected range to prevent "null" logins and restrict access to IPMI data. As a temporary workaround, consider restricting access to IPMI data until a patch is available.

Correção

Improper Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-287

Identificadores relacionados

CVE-2018-1668

Produtos afetados

Ibm Datapower Gateway

PT-2019-9366 · Ibm · Ibm Datapower Gateway

CVE-2018-1668

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4