CVE-2019-4621

8.1HIGH

Key Information:

Vendor: IBM
Status: Datapower Gateway
Vendor: CVE Published:; 9 December 2019

Summary

IBM DataPower Gateway 7.6.0.0-7 throug 6.0.14 and 2018.4.1.0 through 2018.4.1.5 have a default administrator account that is enabled if the IPMI LAN channel is enabled. A remote attacker could use this account to gain unauthorised access to the BMC. IBM X-Force ID: 168883.

Affected Version(s)

DataPower Gateway 7.6.0.0

DataPower Gateway 2018.4.1.0

DataPower Gateway 7.6.0.14

References

https://www.ibm.com/support/pages/node/1125615

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/168883

vdb-entryx_refsource_XF

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 9, 2019
Vulnerability Reserved
Jan 3, 2019