ID

VAR-201812-0406


CVE

CVE-2018-1663


TITLE

IBM DataPower Gateways Information Disclosure Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-012512

DESCRIPTION

IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, 7.6, and 2018.4 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: 144889. IBM DataPower Gateways contains an information disclosure vulnerability. The vendor has published this vulnerability as IBM X-Force ID: 144889. Information may be obtained. Successful exploits will lead to other attacks. IBM DataPower Gateways is a set of security and integration platforms from IBM Corporation of the United States, designed for mobile, cloud, application programming interface (API), network, service-oriented architecture (SOA), B2B and cloud workloads. The dedicated gateway platform secures, integrates and optimizes access across channels. The following versions are affected: IBM DataPower Gateway Version 7.7.0.0 to Version 7.7.1.3 (CD), Version 7.6.0.0 to Version 7.6.0.9, Version 7.5.2.0 to Version 7.5.2.16, Version 7.5.1.0 to Version 7.5.1.16, Version 7.5.0.0 to Version 7.5.0.17.

Trust: 1.98

sources: NVD: CVE-2018-1663 // JVNDB: JVNDB-2018-012512 // BID: 106199 // VULHUB: VHN-127008

AFFECTED PRODUCTS

vendor: ibm | model: datapower gateway | scope: eq | version: 2018.4

Trust: 2.4

vendor: ibm | model: datapower gateway | scope: lte | version: 7.5.2.16

Trust: 1.0

vendor: ibm | model: datapower gateway | scope: gte | version: 7.7.0.0

Trust: 1.0

vendor: ibm | model: datapower gateway | scope: lte | version: 7.5.1.16

Trust: 1.0

vendor: ibm | model: datapower gateway | scope: gte | version: 7.5.2.0

Trust: 1.0

vendor: ibm | model: datapower gateway | scope: lte | version: 7.7.1.3

Trust: 1.0

vendor: ibm | model: datapower gateway | scope: lte | version: 7.6.0.9

Trust: 1.0

vendor: ibm | model: datapower gateway | scope: lte | version: 7.5.0.17

Trust: 1.0

vendor: ibm | model: datapower gateway | scope: gte | version: 7.6.0.0

Trust: 1.0

vendor: ibm | model: datapower gateway | scope: gte | version: 7.5.1.0

Trust: 1.0

vendor: ibm | model: datapower gateway | scope: gte | version: 7.5.0.0

Trust: 1.0

vendor: ibm | model: datapower gateway | scope: eq | version: 7.7.1.3

Trust: 0.9

vendor: ibm | model: datapower gateway | scope: eq | version: 7.7.0.0

Trust: 0.9

vendor: ibm | model: datapower gateway | scope: eq | version: 7.5

Trust: 0.8

vendor: ibm | model: datapower gateway | scope: eq | version: 7.5.1

Trust: 0.8

vendor: ibm | model: datapower gateway | scope: eq | version: 7.5.2

Trust: 0.8

vendor: ibm | model: datapower gateway | scope: eq | version: 7.6

Trust: 0.8

vendor: ibm | model: datapower gateway | scope: eq | version: 7.7.1.2

Trust: 0.6

vendor: ibm | model: datapower gateway | scope: eq | version: 7.7.1.0

Trust: 0.6

vendor: ibm | model: datapower gateway | scope: eq | version: 7.7.1.1

Trust: 0.6

vendor: ibm | model: datapower gateways | scope: eq | version: 7.6.0.6

Trust: 0.3

vendor: ibm | model: datapower gateways | scope: eq | version: 7.6.0.5

Trust: 0.3

vendor: ibm | model: datapower gateways | scope: eq | version: 7.6.0.1

Trust: 0.3

vendor: ibm | model: datapower gateways | scope: eq | version: 7.6.0.0

Trust: 0.3

vendor: ibm | model: datapower gateways | scope: eq | version: 7.5.2.9

Trust: 0.3

vendor: ibm | model: datapower gateways | scope: eq | version: 7.5.2.8

Trust: 0.3

vendor: ibm | model: datapower gateways | scope: eq | version: 7.5.2.2

Trust: 0.3

vendor: ibm | model: datapower gateways | scope: eq | version: 7.5.2.13

Trust: 0.3

vendor: ibm | model: datapower gateways | scope: eq | version: 7.5.2.12

Trust: 0.3

vendor: ibm | model: datapower gateways | scope: eq | version: 7.5.2.1

Trust: 0.3

vendor: ibm | model: datapower gateways | scope: eq | version: 7.5.2.0

Trust: 0.3

vendor: ibm | model: datapower gateways | scope: eq | version: 7.5.1.9

Trust: 0.3

vendor: ibm | model: datapower gateways | scope: eq | version: 7.5.1.8

Trust: 0.3

vendor: ibm | model: datapower gateways | scope: eq | version: 7.5.1.4

Trust: 0.3

vendor: ibm | model: datapower gateways | scope: eq | version: 7.5.1.3

Trust: 0.3

vendor: ibm | model: datapower gateways | scope: eq | version: 7.5.1.2

Trust: 0.3

vendor: ibm | model: datapower gateways | scope: eq | version: 7.5.1.13

Trust: 0.3

vendor: ibm | model: datapower gateways | scope: eq | version: 7.5.1.12

Trust: 0.3

vendor: ibm | model: datapower gateways | scope: eq | version: 7.5.1.1

Trust: 0.3

vendor: ibm | model: datapower gateways | scope: eq | version: 7.5.1.0

Trust: 0.3

vendor: ibm | model: datapower gateways | scope: eq | version: 7.5.0.9

Trust: 0.3

vendor: ibm | model: datapower gateways | scope: eq | version: 7.5.0.5

Trust: 0.3

vendor: ibm | model: datapower gateways | scope: eq | version: 7.5.0.4

Trust: 0.3

vendor: ibm | model: datapower gateways | scope: eq | version: 7.5.0.3

Trust: 0.3

vendor: ibm | model: datapower gateways | scope: eq | version: 7.5.0.2

Trust: 0.3

vendor: ibm | model: datapower gateways | scope: eq | version: 7.5.0.14

Trust: 0.3

vendor: ibm | model: datapower gateways | scope: eq | version: 7.5.0.13

Trust: 0.3

vendor: ibm | model: datapower gateways | scope: eq | version: 7.5.0.10

Trust: 0.3

vendor: ibm | model: datapower gateways | scope: eq | version: 7.5.0.1

Trust: 0.3

vendor: ibm | model: datapower gateways | scope: eq | version: 7.5.0.0

Trust: 0.3

vendor: ibm | model: datapower gateway | scope: eq | version: 7.6.0.9

Trust: 0.3

vendor: ibm | model: datapower gateway | scope: eq | version: 7.5.2.16

Trust: 0.3

vendor: ibm | model: datapower gateway | scope: eq | version: 7.5.2.0

Trust: 0.3

vendor: ibm | model: datapower gateway | scope: eq | version: 7.5.1.16

Trust: 0.3

vendor: ibm | model: datapower gateway | scope: eq | version: 7.5.1.1

Trust: 0.3

vendor: ibm | model: datapower gateway | scope: eq | version: 7.5.1.0

Trust: 0.3

vendor: ibm | model: datapower gateway | scope: eq | version: 7.5.0.2

Trust: 0.3

vendor: ibm | model: datapower gateway | scope: eq | version: 7.5.0.17

Trust: 0.3

vendor: ibm | model: datapower gateway | scope: eq | version: 7.5.0.1

Trust: 0.3

sources: BID: 106199 // JVNDB: JVNDB-2018-012512 // CNNVD: CNNVD-201812-284 // NVD: CVE-2018-1663

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-1663
value: MEDIUM

Trust: 1.0

psirt@us.ibm.com: CVE-2018-1663
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-1663
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201812-284
value: MEDIUM

Trust: 0.6

VULHUB: VHN-127008
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-1663
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-127008
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-1663
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-127008 // JVNDB: JVNDB-2018-012512 // CNNVD: CNNVD-201812-284 // NVD: CVE-2018-1663 // NVD: CVE-2018-1663

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-127008 // JVNDB: JVNDB-2018-012512 // NVD: CVE-2018-1663

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201812-284

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201812-284

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-012512

PATCH

title: 0740033 | url: https://www.ibm.com/support/docview.wss?uid=ibm10740033

Trust: 0.8

title: ibm-websphere-cve20181663-info-disc (144889) | url: https://exchange.xforce.ibmcloud.com/vulnerabilities/144889

Trust: 0.8

title: IBM DataPower Gateways Security vulnerabilities | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87551

Trust: 0.6

sources: JVNDB: JVNDB-2018-012512 // CNNVD: CNNVD-201812-284

EXTERNAL IDS

db: NVD | id: CVE-2018-1663

Trust: 2.8

db: BID | id: 106199

Trust: 2.0

db: JVNDB | id: JVNDB-2018-012512

Trust: 0.8

db: CNNVD | id: CNNVD-201812-284

Trust: 0.7

db: VULHUB | id: VHN-127008

Trust: 0.1

sources: VULHUB: VHN-127008 // BID: 106199 // JVNDB: JVNDB-2018-012512 // CNNVD: CNNVD-201812-284 // NVD: CVE-2018-1663

REFERENCES

url:http://www.securityfocus.com/bid/106199

Trust: 1.7

url:https://www.ibm.com/support/docview.wss?uid=ibm10740033

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/144889

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1663

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-1663

Trust: 0.8

url:http://www.ibm.com

Trust: 0.3

url:https://www-01.ibm.com/support/docview.wss?uid=ibm10740033

Trust: 0.3

sources: VULHUB: VHN-127008 // BID: 106199 // JVNDB: JVNDB-2018-012512 // CNNVD: CNNVD-201812-284 // NVD: CVE-2018-1663

CREDITS

IBM

Trust: 0.3

sources: BID: 106199

SOURCES

db: VULHUB | id: VHN-127008
db: BID | id: 106199
db: JVNDB | id: JVNDB-2018-012512
db: CNNVD | id: CNNVD-201812-284
db: NVD | id: CVE-2018-1663

LAST UPDATE DATE

2024-11-23T22:26:06.447000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-127008 | date: 2019-10-09T00:00:00
db: BID | id: 106199 | date: 2018-12-05T00:00:00
db: JVNDB | id: JVNDB-2018-012512 | date: 2019-02-05T00:00:00
db: CNNVD | id: CNNVD-201812-284 | date: 2019-10-17T00:00:00
db: NVD | id: CVE-2018-1663 | date: 2024-11-21T04:00:09.753

SOURCES RELEASE DATE

db: VULHUB | id: VHN-127008 | date: 2018-12-07T00:00:00
db: BID | id: 106199 | date: 2018-12-05T00:00:00
db: JVNDB | id: JVNDB-2018-012512 | date: 2019-02-05T00:00:00
db: CNNVD | id: CNNVD-201812-284 | date: 2018-12-07T00:00:00
db: NVD | id: CVE-2018-1663 | date: 2018-12-07T16:29:00.413