Authorization Header Exposure in IBM DataPower Gateway
CVE-2018-1664

6.2MEDIUM

Key Information:

Vendor: IBM
Status: Datapower Gateway Cd; Datapower Gateways
Vendor: CVE Published:; 25 September 2018

Summary

The IBM DataPower Gateway is vulnerable to exposure of authorization headers through its management interface, which may result in the exposure of sensitive login credentials stored in the browser cache. This issue can potentially allow unauthorized access to user accounts and sensitive data by exposing authentication details if not mitigated properly. Various versions of the gateway, including multiple releases across several major and minor versions, are affected. It is crucial for users and administrators to ensure that they take the necessary steps to protect their configurations and secure their systems.

Affected Version(s)

DataPower Gateway CD 7.7.0.0

DataPower Gateway CD 7.7.1.2

DataPower Gateways 7.1.0.0

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/144890

vdb-entryx_refsource_XF

https://www.ibm.com/support/docview.wss?uid=ibm10730509

x_refsource_CONFIRM

CVSS V3.1

Score:

6.2

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 25, 2018
Vulnerability Reserved
Dec 13, 2017