PT-2019-9366 · Ibm · Ibm Datapower Gateway

Jeremy Soh

Published

2019-01-29

Updated

2020-08-24

CVE-2018-1668

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions IBM DataPower Gateway versions 7.5.0.0 through 7.5.2.18 IBM DataPower Gateway versions 7.6.0.0 through 7.6.0.11

Description The issue allows "null" logins, which could give read access to IPMI data, potentially leading to the exposure of sensitive information.

Recommendations For IBM DataPower Gateway versions 7.5.0.0 through 7.5.2.18, update to a version outside of the affected range to prevent "null" logins and restrict access to IPMI data. For IBM DataPower Gateway versions 7.6.0.0 through 7.6.0.11, update to a version outside of the affected range to prevent "null" logins and restrict access to IPMI data. As a temporary workaround, consider restricting access to IPMI data until a patch is available.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2018-1668

Affected Products

Ibm Datapower Gateway

PT-2019-9366 · Ibm · Ibm Datapower Gateway

CVE-2018-1668

Weakness Enumeration

Related Identifiers

Affected Products

References · 4