ID

VAR-201812-0395


CVE

CVE-2018-1652


TITLE

IBM DataPower Gateway and MQ Appliance Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-012014

DESCRIPTION

IBM DataPower Gateway 7.1.0.0 through 7.1.0.19, 7.2.0.0 through 7.2.0.16, 7.5.0.0 through 7.5.0.10, 7.5.1.0 through 7.5.1.9, 7.5.2.0 through 7.5.2.9, and 7.6.0.0 through 7.6.0.2 and IBM MQ Appliance 8.0.0.0 through 8.0.0.8 and 9.0.1 through 9.0.5 could allow a local user to cause a denial of service through unknown vectors. IBM X-Force ID: 144724. The vendor has confirmed this vulnerability and published it as IBM X-Force ID: 144724. The affected product may be put into a denial-of-service (DoS) state. An attacker can exploit this issue to cause a denial-of-service condition. IBM DataPower Gateway is a secure and integrated platform designed for mobile, cloud, application programming interface (API), web, service-oriented architecture (SOA), B2B and cloud workloads. MQ Appliance is an all-in-one device for rapid deployment of enterprise-level messaging middleware. The following products and versions are affected: IBM DataPower Gateway version 7.1.0.0 to version 7.1.0.19, version 7.2.0.0 to version 7.2.0.16, version 7.5.0.0 to version 7.5.0.10, version 7.5.1.0 to version 7.5.1.9, version 7.5.2.0 to version 7.5.2.9, version 7.6.0.0 to version 7.6.0.2; MQ Appliance version 8.0.0.0 to version 8.0.0.8, version 9.0.1 to version 9.0.5.

Trust: 1.98

sources: NVD: CVE-2018-1652 // JVNDB: JVNDB-2018-012014 // BID: 106403 // VULHUB: VHN-126887

AFFECTED PRODUCTS

vendor:ibmmodel:datapower gatewayscope:gteversion:7.2.0.0

Trust: 1.0

vendor:ibmmodel:datapower gatewayscope:lteversion:7.5.2.9

Trust: 1.0

vendor:ibmmodel:datapower gatewayscope:lteversion:7.5.0.10

Trust: 1.0

vendor:ibmmodel:datapower gatewayscope:gteversion:7.6.0.0

Trust: 1.0

vendor:ibmmodel:mq appliancescope:gteversion:9.0.1

Trust: 1.0

vendor:ibmmodel:datapower gatewayscope:lteversion:7.6.0.2

Trust: 1.0

vendor:ibmmodel:datapower gatewayscope:lteversion:7.5.1.9

Trust: 1.0

vendor:ibmmodel:datapower gatewayscope:lteversion:7.2.0.16

Trust: 1.0

vendor:ibmmodel:datapower gatewayscope:gteversion:7.5.2.0

Trust: 1.0

vendor:ibmmodel:mq appliancescope:gteversion:8.0.0.0

Trust: 1.0

vendor:ibmmodel:mq appliancescope:lteversion:9.0.5

Trust: 1.0

vendor:ibmmodel:datapower gatewayscope:gteversion:7.1.0.0

Trust: 1.0

vendor:ibmmodel:datapower gatewayscope:lteversion:7.1.0.19

Trust: 1.0

vendor:ibmmodel:datapower gatewayscope:gteversion:7.5.1.0

Trust: 1.0

vendor:ibmmodel:mq appliancescope:lteversion:8.0.0.8

Trust: 1.0

vendor:ibmmodel:datapower gatewayscope:gteversion:7.5.0.0

Trust: 1.0

vendor:ibmmodel:datapower gatewayscope:eqversion:7.1.0.0 to 7.1.0.19

Trust: 0.8

vendor:ibmmodel:datapower gatewayscope:eqversion:7.2.0.0 to 7.2.0.16

Trust: 0.8

vendor:ibmmodel:datapower gatewayscope:eqversion:7.5.0.0 to 7.5.0.10

Trust: 0.8

vendor:ibmmodel:datapower gatewayscope:eqversion:7.5.1.0 to 7.5.1.9

Trust: 0.8

vendor:ibmmodel:datapower gatewayscope:eqversion:7.5.2.0 to 7.5.2.9

Trust: 0.8

vendor:ibmmodel:datapower gatewayscope:eqversion:7.6.0.0 to 7.6.0.2

Trust: 0.8

vendor:ibmmodel:mq appliancescope:eqversion:8.0.0.0 to 8.0.0.8

Trust: 0.8

vendor:ibmmodel:mq appliancescope:eqversion:9.0.1 to 9.0.5

Trust: 0.8

vendor:ibmmodel:datapower gatewayscope:eqversion:7.2.0.0

Trust: 0.6

vendor:ibmmodel:mq appliance cdscope:eqversion:9.0.5

Trust: 0.3

vendor:ibmmodel:mq appliance cdscope:eqversion:9.0.4

Trust: 0.3

vendor:ibmmodel:mq appliancescope:eqversion:9.0.4

Trust: 0.3

vendor:ibmmodel:mq appliance cdscope:eqversion:9.0.3

Trust: 0.3

vendor:ibmmodel:mq appliancescope:eqversion:9.0.3

Trust: 0.3

vendor:ibmmodel:mq appliance cdscope:eqversion:9.0.2

Trust: 0.3

vendor:ibmmodel:mq appliancescope:eqversion:9.0.2

Trust: 0.3

vendor:ibmmodel:mq appliance cdscope:eqversion:9.0.1

Trust: 0.3

vendor:ibmmodel:mq appliancescope:eqversion:9.0.1

Trust: 0.3

vendor:ibmmodel:mq appliancescope:eqversion:8.0.0.8

Trust: 0.3

vendor:ibmmodel:mq appliancescope:eqversion:8.0.0.7

Trust: 0.3

vendor:ibmmodel:mq appliancescope:eqversion:8.0.0.6

Trust: 0.3

vendor:ibmmodel:mq appliancescope:eqversion:8.0.0.5

Trust: 0.3

vendor:ibmmodel:mq appliancescope:eqversion:8.0.0.4

Trust: 0.3

vendor:ibmmodel:mq appliancescope:eqversion:8.0.0.3

Trust: 0.3

vendor:ibmmodel:mq appliancescope:eqversion:8.0.0.2

Trust: 0.3

vendor:ibmmodel:mq appliancescope:eqversion:8.0.0.1

Trust: 0.3

vendor:ibmmodel:mq appliancescope:eqversion:8.0.0.0

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.6.0.1

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.6.0.0

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.5.2.9

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.5.2.8

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.5.2.2

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.5.2.1

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.5.2.0

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.5.1.9

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.5.1.8

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.5.1.4

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.5.1.3

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.5.1.2

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.5.1.1

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.5.1.0

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.5.0.9

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.5.0.5

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.5.0.4

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.5.0.3

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.5.0.2

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.5.0.10

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.5.0.1

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.5.0.0

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.2.0.16

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.2.0.15

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.2.0.11

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.2.0.10

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.2.0.1

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.2.0.0

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.5.2.0

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.5.1.1

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.5.1.0

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.5.0.2

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.5.0.1

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.2.0.8

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.2.0.6

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.2.0.4

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.2.0.3

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.1.0.9

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.1.0.8

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.1.0.7

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.1.0.5

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.1.0.4

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.1.0.3

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.1.0.2

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.1.0.19

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.1.0.18

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.1.0.15

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.1.0.14

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.1.0.12

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.1.0.11

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.1.0.10

Trust: 0.3

vendor:ibmmodel:mq appliancescope:neversion:9.1.1

Trust: 0.3

vendor:ibmmodel:mq appliancescope:neversion:8.0.0.9

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:neversion:7.6.0.3

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:neversion:7.5.2.10

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:neversion:7.5.1.10

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:neversion:7.5.0.11

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:neversion:7.2.0.17

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:neversion:7.1.0.20

Trust: 0.3

sources: BID: 106403 // JVNDB: JVNDB-2018-012014 // CNNVD: CNNVD-201812-341 // NVD: CVE-2018-1652

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-1652
value: MEDIUM

Trust: 1.0

psirt@us.ibm.com: CVE-2018-1652
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-1652
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201812-341
value: MEDIUM

Trust: 0.6

VULHUB: VHN-126887
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2018-1652
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-126887
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-1652
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

psirt@us.ibm.com: CVE-2018-1652
baseSeverity: MEDIUM
baseScore: 6.2
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.5
impactScore: 3.6
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-126887 // JVNDB: JVNDB-2018-012014 // CNNVD: CNNVD-201812-341 // NVD: CVE-2018-1652 // NVD: CVE-2018-1652

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-126887 // JVNDB: JVNDB-2018-012014 // NVD: CVE-2018-1652

THREAT TYPE

local

Trust: 0.9

sources: BID: 106403 // CNNVD: CNNVD-201812-341

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201812-341

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-012014

PATCH

title:0717483url:https://www.ibm.com/support/docview.wss?uid=ibm10717483

Trust: 0.8

title:0744557url:https://www.ibm.com/support/docview.wss?uid=ibm10744557

Trust: 0.8

title:ibm-mq-cve20181652-dos (144724)url:https://exchange.xforce.ibmcloud.com/vulnerabilities/144724

Trust: 0.8

title:IBM DataPower Gateway Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87602

Trust: 0.6

sources: JVNDB: JVNDB-2018-012014 // CNNVD: CNNVD-201812-341

EXTERNAL IDS

db:NVDid:CVE-2018-1652

Trust: 2.8

db:JVNDBid:JVNDB-2018-012014

Trust: 0.8

db:CNNVDid:CNNVD-201812-341

Trust: 0.7

db:BIDid:106403

Trust: 0.3

db:VULHUBid:VHN-126887

Trust: 0.1

sources: VULHUB: VHN-126887 // BID: 106403 // JVNDB: JVNDB-2018-012014 // CNNVD: CNNVD-201812-341 // NVD: CVE-2018-1652

REFERENCES

url:https://www.ibm.com/support/docview.wss?uid=ibm10717483

Trust: 1.7

url:https://www.ibm.com/support/docview.wss?uid=ibm10744557

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/144724

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1652

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-1652

Trust: 0.8

url:http://www.ibm.com/

Trust: 0.3

url:https://www-01.ibm.com/support/docview.wss?uid=ibm10744557

Trust: 0.3

url:https://www-01.ibm.com/support/docview.wss?uid=ibm10717483

Trust: 0.3

sources: VULHUB: VHN-126887 // BID: 106403 // JVNDB: JVNDB-2018-012014 // CNNVD: CNNVD-201812-341 // NVD: CVE-2018-1652

CREDITS

The vendor reported the issue.

Trust: 0.3

sources: BID: 106403

SOURCES

db:VULHUBid:VHN-126887
db:BIDid:106403
db:JVNDBid:JVNDB-2018-012014
db:CNNVDid:CNNVD-201812-341
db:NVDid:CVE-2018-1652

LAST UPDATE DATE

2024-11-23T22:51:53.839000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-126887date:2019-10-09T00:00:00
db:BIDid:106403date:2018-12-07T00:00:00
db:JVNDBid:JVNDB-2018-012014date:2019-01-29T00:00:00
db:CNNVDid:CNNVD-201812-341date:2019-10-17T00:00:00
db:NVDid:CVE-2018-1652date:2024-11-21T04:00:08.467

SOURCES RELEASE DATE

db:VULHUBid:VHN-126887date:2018-12-11T00:00:00
db:BIDid:106403date:2018-12-07T00:00:00
db:JVNDBid:JVNDB-2018-012014date:2019-01-29T00:00:00
db:CNNVDid:CNNVD-201812-341date:2018-12-10T00:00:00
db:NVDid:CVE-2018-1652date:2018-12-11T16:29:00.467