Information Disclosure in IBM DataPower Gateway Products
CVE-2018-1668
5.3MEDIUM
Summary
The IBM DataPower Gateway is affected by a vulnerability that allows 'null' logins, potentially granting unauthorized users read access to sensitive IPMI data. This may allow attackers to obtain critical information without proper authentication, presenting a significant risk to the security and privacy of the system.
Affected Version(s)
DataPower Gateway 7.6.0.0
DataPower Gateway 7.5.2.0
DataPower Gateway 7.5.1.0
References
CVSS V3.1
Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved