CVE-2018-1664

Published Sep 25, 2018

Last updated 5 years ago

CVSS high 7.8

Overview

Description: IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 echoing of AMP management interface authorization headers exposes login credentials in browser cache. IBM X-Force ID: 144890.
Source: psirt@us.ibm.com
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 2.1
Impact score: 2.9
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "69375372-AF42-4418-B158-1C77F189C98F",
            "versionEndIncluding": "7.1.0.23",
            "versionStartIncluding": "7.1.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0AC1AB57-FD0C-48E9-A7D0-187F4BC7BF4C",
            "versionEndIncluding": "7.2.0.21",
            "versionStartIncluding": "7.2.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "311319B3-E639-4E8F-821D-D015ABBE5BDD",
            "versionEndIncluding": "7.5.0.16",
            "versionStartIncluding": "7.5.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "42D9086E-01CA-45A6-997F-4FEF06129563",
            "versionEndIncluding": "7.5.1.15",
            "versionStartIncluding": "7.5.1.0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E1532496-EB5E-4DD6-B036-2CB51CCF34C2",
            "versionEndIncluding": "7.5.2.15",
            "versionStartIncluding": "7.5.2.0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0082AC99-D241-4250-9DCF-4149EB06E489",
            "versionEndIncluding": "7.6.0.8",
            "versionStartIncluding": "7.6.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:continuous_delivery:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "53430850-E693-48AB-9E79-75227711EF91",
            "versionEndIncluding": "7.7.1.2",
            "versionStartIncluding": "7.7.0.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References