PT-2019-9364 · Ibm · Ibm Datapower Gateway
Jeremy Soh
+1
·
Published
2019-02-07
·
Updated
2020-08-24
·
CVE-2018-1666
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
IBM DataPower Gateway versions 7.5.0.0 through 7.5.0.19
IBM DataPower Gateway versions 7.5.1.0 through 7.5.1.18
IBM DataPower Gateway versions 7.5.2.0 through 7.5.2.18
IBM DataPower Gateway versions 7.6.0.0 through 7.6.0.11
IBM DataPower Gateway versions 7.7.0.0 through 7.7.1.3
IBM DataPower Gateway version 2018.4.1.0
Description
The issue allows an authenticated user to inject arbitrary messages that would be displayed on the UI.
Recommendations
For IBM DataPower Gateway version 2018.4.1.0, update to a version that fixes this issue.
For IBM DataPower Gateway versions 7.5.0.0 through 7.5.0.19, update to a version that fixes this issue.
For IBM DataPower Gateway versions 7.5.1.0 through 7.5.1.18, update to a version that fixes this issue.
For IBM DataPower Gateway versions 7.5.2.0 through 7.5.2.18, update to a version that fixes this issue.
For IBM DataPower Gateway versions 7.6.0.0 through 7.6.0.11, update to a version that fixes this issue.
For IBM DataPower Gateway versions 7.7.0.0 through 7.7.1.3, update to a version that fixes this issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Ibm Datapower Gateway