ID

VAR-201511-0082


CVE

CVE-2015-7427


TITLE

Vulnerability in IBM DataPower Gateway appliance firmware that allows unspecified cookies to be captured

Trust: 0.8

sources: JVNDB: JVNDB-2015-005924

DESCRIPTION

IBM DataPower Gateway appliances with firmware 6.x before 6.0.0.17, 6.0.1.x before 6.0.1.17, 7.x before 7.0.0.10, 7.1.0.x before 7.1.0.7, and 7.2.x before 7.2.0.1 do not set the secure flag for unspecified cookies in an https session, which makes it easier for remote attackers to capture these cookies by intercepting their transmission within an http session. IBM DataPower Gateways are prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks. IBM DataPower Gateway is a security and integration platform from IBM Corporation in the United States, designed for mobile, cloud, application programming interface (API), network, service-oriented architecture (SOA), B2B and cloud workloads. It uses a dedicated gateway platform to secure, integrate and optimize access across channels. The following versions are affected: IBM DataPower Gateway 6.0.0.16 and earlier, 6.0.1.12, 7.0.0.9, 7.1.0.6, 7.2.0.0.

Trust: 1.98

sources: NVD: CVE-2015-7427 // JVNDB: JVNDB-2015-005924 // BID: 77754 // VULHUB: VHN-85388

AFFECTED PRODUCTS

vendor: ibm, model: datapower gateway, scope: eq, version: 6.0.1.4

Trust: 1.6

vendor: ibm, model: datapower gateway, scope: eq, version: 6.0.1.6

Trust: 1.6

vendor: ibm, model: datapower gateway, scope: eq, version: 6.0.1.9

Trust: 1.6

vendor: ibm, model: datapower gateway, scope: eq, version: 6.0.1.0

Trust: 1.6

vendor: ibm, model: datapower gateway, scope: eq, version: 6.0.1.1

Trust: 1.6

vendor: ibm, model: datapower gateway, scope: eq, version: 6.0.1.8

Trust: 1.6

vendor: ibm, model: datapower gateway, scope: eq, version: 6.0.1.5

Trust: 1.6

vendor: ibm, model: datapower gateway, scope: eq, version: 6.0.1.7

Trust: 1.6

vendor: ibm, model: datapower gateway, scope: eq, version: 6.0.1.10

Trust: 1.6

vendor: ibm, model: datapower gateway, scope: eq, version: 7.0.0.2

Trust: 1.0

vendor: ibm, model: datapower gateway, scope: eq, version: 6.0.1.11

Trust: 1.0

vendor: ibm, model: datapower gateway, scope: eq, version: 6.0.1.16

Trust: 1.0

vendor: ibm, model: datapower gateway, scope: eq, version: 7.0.0.0

Trust: 1.0

vendor: ibm, model: datapower gateway, scope: eq, version: 7.0.0.9

Trust: 1.0

vendor: ibm, model: datapower gateway, scope: eq, version: 7.1.0.0

Trust: 1.0

vendor: ibm, model: datapower gateway, scope: eq, version: 7.1.0.1

Trust: 1.0

vendor: ibm, model: datapower gateway, scope: eq, version: 7.1.0.2

Trust: 1.0

vendor: ibm, model: datapower gateway, scope: eq, version: 6.0.1.13

Trust: 1.0

vendor: ibm, model: datapower gateway, scope: eq, version: 7.1.0.4

Trust: 1.0

vendor: ibm, model: datapower gateway, scope: eq, version: 7.0.0.6

Trust: 1.0

vendor: ibm, model: datapower gateway, scope: eq, version: 7.1.0.6

Trust: 1.0

vendor: ibm, model: datapower gateway, scope: eq, version: 7.1.0.3

Trust: 1.0

vendor: ibm, model: datapower gateway, scope: eq, version: 7.0.0.3

Trust: 1.0

vendor: ibm, model: datapower gateway, scope: lte, version: 6.0.0.16

Trust: 1.0

vendor: ibm, model: datapower gateway, scope: eq, version: 7.0.0.4

Trust: 1.0

vendor: ibm, model: datapower gateway, scope: eq, version: 7.1.0.5

Trust: 1.0

vendor: ibm, model: datapower gateway, scope: eq, version: 7.0.0.1

Trust: 1.0

vendor: ibm, model: datapower gateway, scope: eq, version: 7.0.0.7

Trust: 1.0

vendor: ibm, model: datapower gateway, scope: eq, version: 6.0.1.2

Trust: 1.0

vendor: ibm, model: datapower gateway, scope: eq, version: 7.0.0.8

Trust: 1.0

vendor: ibm, model: datapower gateway, scope: eq, version: 7.2.0.0

Trust: 1.0

vendor: ibm, model: datapower gateway, scope: eq, version: 6.0.1.12

Trust: 1.0

vendor: ibm, model: datapower gateway, scope: eq, version: 6.0.1.14

Trust: 1.0

vendor: ibm, model: datapower gateway, scope: eq, version: 7.0.0.5

Trust: 1.0

vendor: ibm, model: datapower gateway, scope: eq, version: 6.0.1.15

Trust: 1.0

vendor: ibm, model: datapower gateway, scope: eq, version: 6.0.1.3

Trust: 1.0

vendor: ibm, model: datapower gateway, scope: eq, version: 7.2.0.1

Trust: 0.8

vendor: ibm, model: datapower gateway, scope: eq, version: 7.0.0.10

Trust: 0.8

vendor: ibm, model: datapower gateway, scope: eq, version: 6.0.1.17

Trust: 0.8

vendor: ibm, model: datapower gateway, scope: lt, version: 7.1.0.x

Trust: 0.8

vendor: ibm, model: datapower gateway, scope: lt, version: 7.2.x

Trust: 0.8

vendor: ibm, model: datapower gateway, scope: eq, version: 6.0.0.17

Trust: 0.8

vendor: ibm, model: datapower gateway, scope: lt, version: 6.0.1.x

Trust: 0.8

vendor: ibm, model: datapower gateway, scope: eq, version: 7.1.0.7

Trust: 0.8

vendor: ibm, model: datapower gateway, scope: lt, version: 6.x

Trust: 0.8

vendor: ibm, model: datapower gateway, scope: lt, version: 7.x

Trust: 0.8

vendor: ibm, model: datapower gateway, scope: eq, version: 6.0.0.16

Trust: 0.6

vendor: ibm, model: datapower gateways, scope: eq, version: 7.0

Trust: 0.3

vendor: ibm, model: datapower gateways, scope: eq, version: 6.0.1

Trust: 0.3

vendor: ibm, model: datapower gateways, scope: eq, version: 6.0

Trust: 0.3

vendor: ibm, model: datapower gateways, scope: eq, version: 7.2.0.0

Trust: 0.3

vendor: ibm, model: datapower gateways, scope: eq, version: 7.1.0.6

Trust: 0.3

vendor: ibm, model: datapower gateways, scope: eq, version: 7.1

Trust: 0.3

vendor: ibm, model: datapower gateways, scope: eq, version: 7.0.0.9

Trust: 0.3

vendor: ibm, model: datapower gateways, scope: eq, version: 6.0.1.12

Trust: 0.3

vendor: ibm, model: datapower gateways, scope: eq, version: 6.0.0.16

Trust: 0.3

vendor: ibm, model: datapower gateways, scope: ne, version: 7.2.0.1

Trust: 0.3

vendor: ibm, model: datapower gateways, scope: ne, version: 7.1.0.7

Trust: 0.3

vendor: ibm, model: datapower gateways, scope: ne, version: 7.0.0.10

Trust: 0.3

vendor: ibm, model: datapower gateways, scope: ne, version: 6.0.1.13

Trust: 0.3

vendor: ibm, model: datapower gateways, scope: ne, version: 6.0.0.17

Trust: 0.3

sources: BID: 77754 // JVNDB: JVNDB-2015-005924 // CNNVD: CNNVD-201511-253 // NVD: CVE-2015-7427

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-7427
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-7427
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201511-253
value: MEDIUM

Trust: 0.6

VULHUB: VHN-85388
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-7427
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-85388
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-85388 // JVNDB: JVNDB-2015-005924 // CNNVD: CNNVD-201511-253 // NVD: CVE-2015-7427

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-85388 // JVNDB: JVNDB-2015-005924 // NVD: CVE-2015-7427

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201511-253

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201511-253

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-005924

PATCH

title: IT10279, url: http://www-01.ibm.com/support/docview.wss?uid=swg1IT10279

Trust: 0.8

title: 1969342, url: http://www-01.ibm.com/support/docview.wss?uid=swg21969342

Trust: 0.8

title: IBM DataPower Gateway Repair measures for information disclosure vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58741

Trust: 0.6

sources: JVNDB: JVNDB-2015-005924 // CNNVD: CNNVD-201511-253

EXTERNAL IDS

db: NVD, id: CVE-2015-7427

Trust: 2.8

db: JVNDB, id: JVNDB-2015-005924

Trust: 0.8

db: CNNVD, id: CNNVD-201511-253

Trust: 0.7

db: BID, id: 77754

Trust: 0.4

db: VULHUB, id: VHN-85388

Trust: 0.1

sources: VULHUB: VHN-85388 // BID: 77754 // JVNDB: JVNDB-2015-005924 // CNNVD: CNNVD-201511-253 // NVD: CVE-2015-7427

REFERENCES

url:http://www-01.ibm.com/support/docview.wss?uid=swg1it10279

Trust: 1.7

url:http://www-01.ibm.com/support/docview.wss?uid=swg21969342

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7427

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7427

Trust: 0.8

url:http://www.ibm.com

Trust: 0.3

url:https://www-304.ibm.com/support/docview.wss?uid=swg21969342

Trust: 0.3

sources: VULHUB: VHN-85388 // BID: 77754 // JVNDB: JVNDB-2015-005924 // CNNVD: CNNVD-201511-253 // NVD: CVE-2015-7427

CREDITS

IBM

Trust: 0.3

sources: BID: 77754

SOURCES

db: VULHUB, id: VHN-85388
db: BID, id: 77754
db: JVNDB, id: JVNDB-2015-005924
db: CNNVD, id: CNNVD-201511-253
db: NVD, id: CVE-2015-7427

LAST UPDATE DATE

2024-11-23T22:27:04.432000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-85388, date: 2015-11-16T00:00:00
db: BID, id: 77754, date: 2015-11-18T00:00:00
db: JVNDB, id: JVNDB-2015-005924, date: 2015-11-17T00:00:00
db: CNNVD, id: CNNVD-201511-253, date: 2015-11-18T00:00:00
db: NVD, id: CVE-2015-7427, date: 2024-11-21T02:36:46.250

SOURCES RELEASE DATE

db: VULHUB, id: VHN-85388, date: 2015-11-14T00:00:00
db: BID, id: 77754, date: 2015-11-18T00:00:00
db: JVNDB, id: JVNDB-2015-005924, date: 2015-11-17T00:00:00
db: CNNVD, id: CNNVD-201511-253, date: 2015-11-16T00:00:00
db: NVD, id: CVE-2015-7427, date: 2015-11-14T03:59:07.850