Information Disclosure in IBM DataPower Gateway Products
CVE-2018-1668

5.3MEDIUM

Key Information:

Vendor: IBM
Status: Datapower Gateway
Vendor: CVE Published:; 29 January 2019

Summary

The IBM DataPower Gateway is affected by a vulnerability that allows 'null' logins, potentially granting unauthorized users read access to sensitive IPMI data. This may allow attackers to obtain critical information without proper authentication, presenting a significant risk to the security and privacy of the system.

Affected Version(s)

DataPower Gateway 7.6.0.0

DataPower Gateway 7.5.2.0

DataPower Gateway 7.5.1.0

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/144894

vdb-entryx_refsource_XF

https://www.ibm.com/support/docview.wss?uid=ibm10794735

x_refsource_CONFIRM

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 29, 2019
Vulnerability Reserved
Dec 13, 2017