ID

VAR-201812-0393


CVE

CVE-2018-1667


TITLE

IBM DataPower Gateway vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2018-011425

DESCRIPTION

IBM DataPower Gateway 7.6.0.0 through 7.6.0.10, 7.5.2.0 through 7.5.2.17, 7.5.1.0 through 7.5.1.17, 7.5.0.0 through 7.5.0.18, and 7.7.0.0 through 7.7.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 144893.

The vendor has released this vulnerability as IBM X-Force ID: 144893. Information may be obtained and information may be altered.

A security weakness 2. An attacker may leverage these issues to obtain sensitive information or execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks and obtain sensitive information.

IBM DataPower Gateways is a set of security and integration platforms from IBM Corporation of the United States, designed for mobile, cloud, application programming interface (API), network, service-oriented architecture (SOA), B2B and cloud workloads, which can use a dedicated gateway platform to secure, integrate and optimize access across channels. Version 0.0 to version 7.5.0.18

Trust: 1.98

sources: NVD: CVE-2018-1667 // JVNDB: JVNDB-2018-011425 // BID: 106816 // VULHUB: VHN-127052

AFFECTED PRODUCTS

vendor: ibm // model: datapower gateway // scope: gte // version: 7.7.0.0

Trust: 1.0

vendor: ibm // model: datapower gateway // scope: lte // version: 7.5.2.17

Trust: 1.0

vendor: ibm // model: datapower gateway // scope: gte // version: 7.5.2.0

Trust: 1.0

vendor: ibm // model: datapower gateway // scope: lte // version: 7.5.1.17

Trust: 1.0

vendor: ibm // model: datapower gateway // scope: lte // version: 7.6.0.10

Trust: 1.0

vendor: ibm // model: datapower gateway // scope: lte // version: 7.7.1.3

Trust: 1.0

vendor: ibm // model: datapower gateway // scope: lte // version: 7.5.0.18

Trust: 1.0

vendor: ibm // model: datapower gateway // scope: gte // version: 7.6.0.0

Trust: 1.0

vendor: ibm // model: datapower gateway // scope: gte // version: 7.5.1.0

Trust: 1.0

vendor: ibm // model: datapower gateway // scope: gte // version: 7.5.0.0

Trust: 1.0

vendor: ibm // model: datapower gateway // scope: eq // version: 7.7.1.3

Trust: 0.9

vendor: ibm // model: datapower gateway // scope: eq // version: 7.7.0.0

Trust: 0.9

vendor: ibm // model: datapower gateway // scope: eq // version: 7.5.0.0 to 7.5.0.18

Trust: 0.8

vendor: ibm // model: datapower gateway // scope: eq // version: 7.5.1.0 to 7.5.1.17

Trust: 0.8

vendor: ibm // model: datapower gateway // scope: eq // version: 7.5.2.0 to 7.5.2.17

Trust: 0.8

vendor: ibm // model: datapower gateway // scope: eq // version: 7.6.0.0 to 7.6.0.10

Trust: 0.8

vendor: ibm // model: datapower gateway // scope: eq // version: 7.7.0.0 to 7.7.1.3

Trust: 0.8

vendor: ibm // model: datapower gateway // scope: eq // version: 7.7.1.2

Trust: 0.6

vendor: ibm // model: datapower gateway // scope: eq // version: 7.7.1.0

Trust: 0.6

vendor: ibm // model: datapower gateway // scope: eq // version: 7.7.1.1

Trust: 0.6

vendor: ibm // model: datapower gateways // scope: eq // version: 7.7.1.1

Trust: 0.3

vendor: ibm // model: datapower gateways // scope: eq // version: 7.7.0.9

Trust: 0.3

vendor: ibm // model: datapower gateways // scope: eq // version: 7.7.0.8

Trust: 0.3

vendor: ibm // model: datapower gateways // scope: eq // version: 7.7.0.7

Trust: 0.3

vendor: ibm // model: datapower gateways // scope: eq // version: 7.7.0.6

Trust: 0.3

vendor: ibm // model: datapower gateways // scope: eq // version: 7.7.0.4

Trust: 0.3

vendor: ibm // model: datapower gateways // scope: eq // version: 7.7.0.2

Trust: 0.3

vendor: ibm // model: datapower gateways // scope: eq // version: 7.6.0.8

Trust: 0.3

vendor: ibm // model: datapower gateways // scope: eq // version: 7.6.0.6

Trust: 0.3

vendor: ibm // model: datapower gateways // scope: eq // version: 7.6.0.5

Trust: 0.3

vendor: ibm // model: datapower gateways // scope: eq // version: 7.6.0.1

Trust: 0.3

vendor: ibm // model: datapower gateways // scope: eq // version: 7.6.0.0

Trust: 0.3

vendor: ibm // model: datapower gateways // scope: eq // version: 7.5.2.9

Trust: 0.3

vendor: ibm // model: datapower gateways // scope: eq // version: 7.5.2.8

Trust: 0.3

vendor: ibm // model: datapower gateways // scope: eq // version: 7.5.2.2

Trust: 0.3

vendor: ibm // model: datapower gateways // scope: eq // version: 7.5.2.15

Trust: 0.3

vendor: ibm // model: datapower gateways // scope: eq // version: 7.5.2.13

Trust: 0.3

vendor: ibm // model: datapower gateways // scope: eq // version: 7.5.2.12

Trust: 0.3

vendor: ibm // model: datapower gateways // scope: eq // version: 7.5.2.1

Trust: 0.3

vendor: ibm // model: datapower gateways // scope: eq // version: 7.5.2.0

Trust: 0.3

vendor: ibm // model: datapower gateways // scope: eq // version: 7.5.1.9

Trust: 0.3

vendor: ibm // model: datapower gateways // scope: eq // version: 7.5.1.8

Trust: 0.3

vendor: ibm // model: datapower gateways // scope: eq // version: 7.5.1.4

Trust: 0.3

vendor: ibm // model: datapower gateways // scope: eq // version: 7.5.1.3

Trust: 0.3

vendor: ibm // model: datapower gateways // scope: eq // version: 7.5.1.2

Trust: 0.3

vendor: ibm // model: datapower gateways // scope: eq // version: 7.5.1.15

Trust: 0.3

vendor: ibm // model: datapower gateways // scope: eq // version: 7.5.1.14

Trust: 0.3

vendor: ibm // model: datapower gateways // scope: eq // version: 7.5.1.13

Trust: 0.3

vendor: ibm // model: datapower gateways // scope: eq // version: 7.5.1.12

Trust: 0.3

vendor: ibm // model: datapower gateways // scope: eq // version: 7.5.1.1

Trust: 0.3

vendor: ibm // model: datapower gateways // scope: eq // version: 7.5.0.9

Trust: 0.3

vendor: ibm // model: datapower gateways // scope: eq // version: 7.5.0.5

Trust: 0.3

vendor: ibm // model: datapower gateways // scope: eq // version: 7.5.0.4

Trust: 0.3

vendor: ibm // model: datapower gateways // scope: eq // version: 7.5.0.3

Trust: 0.3

vendor: ibm // model: datapower gateways // scope: eq // version: 7.5.0.2

Trust: 0.3

vendor: ibm // model: datapower gateways // scope: eq // version: 7.5.0.16

Trust: 0.3

vendor: ibm // model: datapower gateways // scope: eq // version: 7.5.0.15

Trust: 0.3

vendor: ibm // model: datapower gateways // scope: eq // version: 7.5.0.14

Trust: 0.3

vendor: ibm // model: datapower gateways // scope: eq // version: 7.5.0.13

Trust: 0.3

vendor: ibm // model: datapower gateways // scope: eq // version: 7.5.0.10

Trust: 0.3

vendor: ibm // model: datapower gateways // scope: eq // version: 7.5.0.1

Trust: 0.3

vendor: ibm // model: datapower gateways // scope: eq // version: 7.5.0.0

Trust: 0.3

vendor: ibm // model: datapower gateway // scope: eq // version: 7.6.0.9

Trust: 0.3

vendor: ibm // model: datapower gateway // scope: eq // version: 7.6.0.3

Trust: 0.3

vendor: ibm // model: datapower gateway // scope: eq // version: 7.6.0.10

Trust: 0.3

vendor: ibm // model: datapower gateway // scope: eq // version: 7.5.2.17

Trust: 0.3

vendor: ibm // model: datapower gateway // scope: eq // version: 7.5.2.16

Trust: 0.3

vendor: ibm // model: datapower gateway // scope: eq // version: 7.5.2.10

Trust: 0.3

vendor: ibm // model: datapower gateway // scope: eq // version: 7.5.1.17

Trust: 0.3

vendor: ibm // model: datapower gateway // scope: eq // version: 7.5.1.16

Trust: 0.3

vendor: ibm // model: datapower gateway // scope: eq // version: 7.5.1.10

Trust: 0.3

vendor: ibm // model: datapower gateway // scope: eq // version: 7.5.1.0

Trust: 0.3

vendor: ibm // model: datapower gateway // scope: eq // version: 7.5.0.18

Trust: 0.3

vendor: ibm // model: datapower gateway // scope: eq // version: 7.5.0.17

Trust: 0.3

vendor: ibm // model: datapower gateway // scope: eq // version: 7.5.0.11

Trust: 0.3

vendor: ibm // model: datapower gateway // scope: ne // version: 7.6.0.11

Trust: 0.3

vendor: ibm // model: datapower gateway // scope: ne // version: 7.5.2.18

Trust: 0.3

vendor: ibm // model: datapower gateway // scope: ne // version: 7.5.1.18

Trust: 0.3

vendor: ibm // model: datapower gateway // scope: ne // version: 7.5.0.19

Trust: 0.3

sources: BID: 106816 // JVNDB: JVNDB-2018-011425 // CNNVD: CNNVD-201812-622 // NVD: CVE-2018-1667

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-1667
value: MEDIUM

Trust: 1.0

psirt@us.ibm.com: CVE-2018-1667
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-1667
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201812-622
value: MEDIUM

Trust: 0.6

VULHUB: VHN-127052
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2018-1667
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-127052
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-1667
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-127052 // JVNDB: JVNDB-2018-011425 // CNNVD: CNNVD-201812-622 // NVD: CVE-2018-1667 // NVD: CVE-2018-1667

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-127052 // JVNDB: JVNDB-2018-011425 // NVD: CVE-2018-1667

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201812-622

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201812-622

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-011425

PATCH

title: 0744209 // url: https://www-01.ibm.com/support/docview.wss?uid=ibm10744209

Trust: 0.8

title: ibm-websphere-cve20181667-xss (144893) // url: https://exchange.xforce.ibmcloud.com/vulnerabilities/144893

Trust: 0.8

title: IBM DataPower Gateway Fixes for cross-site scripting vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87864

Trust: 0.6

sources: JVNDB: JVNDB-2018-011425 // CNNVD: CNNVD-201812-622

EXTERNAL IDS

db: NVD // id: CVE-2018-1667

Trust: 2.8

db: JVNDB // id: JVNDB-2018-011425

Trust: 0.8

db: CNNVD // id: CNNVD-201812-622

Trust: 0.7

db: BID // id: 106816

Trust: 0.3

db: VULHUB // id: VHN-127052

Trust: 0.1

sources: VULHUB: VHN-127052 // BID: 106816 // JVNDB: JVNDB-2018-011425 // CNNVD: CNNVD-201812-622 // NVD: CVE-2018-1667

REFERENCES

url:https://www.ibm.com/support/docview.wss?uid=ibm10744209

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/144893

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1667

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-1667

Trust: 0.8

url:http://www.ibm.com/

Trust: 0.3

url:https://www-01.ibm.com/support/docview.wss?uid=ibm10744209

Trust: 0.3

url:https://www-01.ibm.com/support/docview.wss?uid=ibm10744195

Trust: 0.3

sources: VULHUB: VHN-127052 // BID: 106816 // JVNDB: JVNDB-2018-011425 // CNNVD: CNNVD-201812-622 // NVD: CVE-2018-1667

CREDITS

Srinivasarao Kotipalli & Jeremy Soh.

Trust: 0.3

sources: BID: 106816

SOURCES

db: VULHUB // id: VHN-127052
db: BID // id: 106816
db: JVNDB // id: JVNDB-2018-011425
db: CNNVD // id: CNNVD-201812-622
db: NVD // id: CVE-2018-1667

LAST UPDATE DATE

2024-11-23T22:45:08.369000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-127052 // date: 2019-10-09T00:00:00
db: BID // id: 106816 // date: 2018-12-11T00:00:00
db: JVNDB // id: JVNDB-2018-011425 // date: 2019-01-11T00:00:00
db: CNNVD // id: CNNVD-201812-622 // date: 2019-10-17T00:00:00
db: NVD // id: CVE-2018-1667 // date: 2024-11-21T04:00:10.243

SOURCES RELEASE DATE

db: VULHUB // id: VHN-127052 // date: 2018-12-13T00:00:00
db: BID // id: 106816 // date: 2018-12-11T00:00:00
db: JVNDB // id: JVNDB-2018-011425 // date: 2019-01-11T00:00:00
db: CNNVD // id: CNNVD-201812-622 // date: 2018-12-13T00:00:00
db: NVD // id: CVE-2018-1667 // date: 2018-12-13T16:29:00.600