Information Disclosure in IBM DataPower Gateway Products
CVE-2018-1668

5.3MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
29 January 2019

Summary

The IBM DataPower Gateway is affected by a vulnerability that allows 'null' logins, potentially granting unauthorized users read access to sensitive IPMI data. This may allow attackers to obtain critical information without proper authentication, presenting a significant risk to the security and privacy of the system.

Affected Version(s)

DataPower Gateway 7.6.0.0

DataPower Gateway 7.5.2.0

DataPower Gateway 7.5.1.0

References

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.