Sign-up

ID

VAR-201809-0605


CVE

CVE-2018-1664


TITLE

IBM DataPower Gateway and DataPower Gateway CD Vulnerabilities related to security functions

Trust: 0.8

sources: JVNDB: JVNDB-2018-010241

DESCRIPTION

IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 echoing of AMP management interface authorization headers exposes login credentials in browser cache. IBM X-Force ID: 144890. Vendors have confirmed this vulnerability IBM X-Force ID: 144890 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks. IBM DataPower Gateway is a security and integration platform specially designed for mobile, cloud, application programming interface (API), network, service-oriented architecture (SOA), B2B and cloud workloads of IBM Corporation in the United States, which can utilize a dedicated gateway The platform secures, integrates and optimizes access across channels

Trust: 1.98

sources: NVD: CVE-2018-1664 // JVNDB: JVNDB-2018-010241 // BID: 107856 // VULHUB: VHN-127019

AFFECTED PRODUCTS

vendor:ibmmodel:datapower gatewayscope:lteversion:7.5.0.16

Trust: 1.0

vendor:ibmmodel:datapower gatewayscope:gteversion:7.2.0.0

Trust: 1.0

vendor:ibmmodel:datapower gatewayscope:lteversion:7.6.0.8

Trust: 1.0

vendor:ibmmodel:datapower gatewayscope:lteversion:7.5.2.15

Trust: 1.0

vendor:ibmmodel:datapower gatewayscope:gteversion:7.7.0.0

Trust: 1.0

vendor:ibmmodel:datapower gatewayscope:lteversion:7.1.0.23

Trust: 1.0

vendor:ibmmodel:datapower gatewayscope:gteversion:7.5.2.0

Trust: 1.0

vendor:ibmmodel:datapower gatewayscope:lteversion:7.2.0.21

Trust: 1.0

vendor:ibmmodel:datapower gatewayscope:lteversion:7.5.1.15

Trust: 1.0

vendor:ibmmodel:datapower gatewayscope:gteversion:7.1.0.0

Trust: 1.0

vendor:ibmmodel:datapower gatewayscope:gteversion:7.6.0.0

Trust: 1.0

vendor:ibmmodel:datapower gatewayscope:lteversion:7.7.1.2

Trust: 1.0

vendor:ibmmodel:datapower gatewayscope:gteversion:7.5.1.0

Trust: 1.0

vendor:ibmmodel:datapower gatewayscope:gteversion:7.5.0.0

Trust: 1.0

vendor:ibmmodel:datapower gatewayscope:eqversion:7.2.0.0

Trust: 0.9

vendor:ibmmodel:datapower gatewayscope:eqversion:7.1.0.0 to 7.1.0.23

Trust: 0.8

vendor:ibmmodel:datapower gatewayscope:eqversion:7.2.0.0 to 7.2.0.21

Trust: 0.8

vendor:ibmmodel:datapower gatewayscope:eqversion:7.5.0.0 to 7.5.0.16

Trust: 0.8

vendor:ibmmodel:datapower gatewayscope:eqversion:7.5.1.0 to 7.5.1.15

Trust: 0.8

vendor:ibmmodel:datapower gatewayscope:eqversion:7.5.2.0 to 7.5.2.15

Trust: 0.8

vendor:ibmmodel:datapower gatewayscope:eqversion:7.6.0.0 to 7.6.0.8

Trust: 0.8

vendor:ibmmodel:datapower gatewayscope:eqversion:cd 7.7.0.0 to 7.7.1.2

Trust: 0.8

vendor:ibmmodel:datapower gatewayscope:eqversion:7.7.1.2

Trust: 0.6

vendor:ibmmodel:datapower gatewayscope:eqversion:7.7.1.0

Trust: 0.6

vendor:ibmmodel:datapower gatewayscope:eqversion:7.7.0.0

Trust: 0.6

vendor:ibmmodel:datapower gatewayscope:eqversion:7.7.1.1

Trust: 0.6

vendor:ibmmodel:datapower gateway cdscope:eqversion:7.7.1.2

Trust: 0.3

vendor:ibmmodel:datapower gateway cdscope:eqversion:7.7.0.0

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.6.0.8

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.6.0.0

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.5.2.15

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.5.2.10

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.5.2.0

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.5.1.15

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.5.1.10

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.5.1.1

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.5.1.0

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.5.0.16

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.5.0.11

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.5.0.1

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.5.0.0

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.2.0.8

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.2.0.6

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.2.0.4

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.2.0.3

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.2.0.21

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.2.0.17

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.1.0.9

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.1.0.8

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.1.0.7

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.1.0.5

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.1.0.4

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.1.0.3

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.1.0.23

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.1.0.22

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.1.0.20

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.1.0.2

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.1.0.19

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.1.0.18

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.1.0.15

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.1.0.14

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.1.0.12

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.1.0.11

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.1.0.10

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.1.0.0

Trust: 0.3

sources: BID: 107856 // JVNDB: JVNDB-2018-010241 // CNNVD: CNNVD-201809-1099 // NVD: CVE-2018-1664

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-1664
value: HIGH

Trust: 1.0

psirt@us.ibm.com: CVE-2018-1664
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-1664
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201809-1099
value: HIGH

Trust: 0.6

VULHUB: VHN-127019
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2018-1664
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-127019
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-1664
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

psirt@us.ibm.com: CVE-2018-1664
baseSeverity: MEDIUM
baseScore: 6.2
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.5
impactScore: 3.6
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-127019 // JVNDB: JVNDB-2018-010241 // CNNVD: CNNVD-201809-1099 // NVD: CVE-2018-1664 // NVD: CVE-2018-1664

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-254

Trust: 0.9

sources: VULHUB: VHN-127019 // JVNDB: JVNDB-2018-010241 // NVD: CVE-2018-1664

THREAT TYPE

local

Trust: 0.9

sources: BID: 107856 // CNNVD: CNNVD-201809-1099

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201809-1099

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-010241

PATCH
title:0730509url:https://www-01.ibm.com/support/docview.wss?uid=ibm10730509
Trust: 0.8
title:ibm-websphere-cve20181664-info-disc (144890)url:https://exchange.xforce.ibmcloud.com/vulnerabilities/144890
Trust: 0.8
title:IBM DataPower Gateway Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85154
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-010241 // 
            
            
            
            CNNVD: CNNVD-201809-1099

EXTERNAL IDS
db:NVDid:CVE-2018-1664
Trust: 2.8
db:JVNDBid:JVNDB-2018-010241
Trust: 0.8
db:CNNVDid:CNNVD-201809-1099
Trust: 0.7
db:BIDid:107856
Trust: 0.3
db:VULHUBid:VHN-127019
Trust: 0.1
sources:
            
            
            VULHUB: VHN-127019 // 
            
            
            
            BID: 107856 // 
            
            
            
            JVNDB: JVNDB-2018-010241 // 
            
            
            
            CNNVD: CNNVD-201809-1099 // 
            
            
            
            NVD: CVE-2018-1664

REFERENCES
url:https://www.ibm.com/support/docview.wss?uid=ibm10730509
Trust: 1.7
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/144890
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1664
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-1664
Trust: 0.8
url:http://www.ibm.com/
Trust: 0.3
url:https://www-01.ibm.com/support/docview.wss?uid=ibm10730509
Trust: 0.3
sources:
            
            
            VULHUB: VHN-127019 // 
            
            
            
            BID: 107856 // 
            
            
            
            JVNDB: JVNDB-2018-010241 // 
            
            
            
            CNNVD: CNNVD-201809-1099 // 
            
            
            
            NVD: CVE-2018-1664

CREDITS
Srinivasarao Kotipalli & Jeremy Soh
Trust: 0.3
sources:
            
            
            BID: 107856

SOURCES
db:VULHUBid:VHN-127019
db:BIDid:107856
db:JVNDBid:JVNDB-2018-010241
db:CNNVDid:CNNVD-201809-1099
db:NVDid:CVE-2018-1664

LAST UPDATE DATE
2024-11-23T22:17:18.949000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-127019date:2019-10-09T00:00:00
db:BIDid:107856date:2018-09-20T00:00:00
db:JVNDBid:JVNDB-2018-010241date:2018-12-10T00:00:00
db:CNNVDid:CNNVD-201809-1099date:2019-10-17T00:00:00
db:NVDid:CVE-2018-1664date:2024-11-21T04:00:09.873

SOURCES RELEASE DATE
db:VULHUBid:VHN-127019date:2018-09-25T00:00:00
db:BIDid:107856date:2018-09-20T00:00:00
db:JVNDBid:JVNDB-2018-010241date:2018-12-10T00:00:00
db:CNNVDid:CNNVD-201809-1099date:2018-09-26T00:00:00
db:NVDid:CVE-2018-1664date:2018-09-25T15:29:01.080