Sign-up

ID

VAR-201812-0416


CVE

CVE-2018-1665


TITLE

IBM DataPower Gateway Vulnerabilities related to cryptographic strength

Trust: 0.8

sources: JVNDB: JVNDB-2018-013105

DESCRIPTION

IBM DataPower Gateway 7.6.0.0 through 7.6.0.10, 7.5.2.0 through 7.5.2.17, 7.5.1.0 through 7.5.1.17, 7.5.0.0 through 7.5.0.18, and 7.7.0.0 through 7.7.1.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 144891. IBM DataPower Gateway Contains a cryptographic strength vulnerability. Vendors have confirmed this vulnerability IBM X-Force ID: 144891 It is released as.Information may be obtained. IBM DataPower Gateways is prone to the following vulnerabilities: 1. A security weakness 2. A cross-site scripting vulnerability. An attacker may leverage these issues to obtain sensitive information or execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. IBM DataPower Gateways is a set of security and integration platforms designed for mobile, cloud, application programming interface (API), network, service-oriented architecture (SOA), B2B and cloud workloads from IBM Corporation of the United States, which can utilize dedicated gateways The platform secures, integrates and optimizes access across channels. 0.0 version to 7.7.1.3 version

Trust: 1.98

sources: NVD: CVE-2018-1665 // JVNDB: JVNDB-2018-013105 // BID: 106816 // VULHUB: VHN-127030

AFFECTED PRODUCTS

vendor:ibmmodel:datapower gatewayscope:gteversion:7.7.0.0

Trust: 1.0

vendor:ibmmodel:datapower gatewayscope:lteversion:7.5.2.17

Trust: 1.0

vendor:ibmmodel:datapower gatewayscope:gteversion:7.5.2.0

Trust: 1.0

vendor:ibmmodel:datapower gatewayscope:lteversion:7.5.1.17

Trust: 1.0

vendor:ibmmodel:datapower gatewayscope:lteversion:7.6.0.10

Trust: 1.0

vendor:ibmmodel:datapower gatewayscope:lteversion:7.7.1.3

Trust: 1.0

vendor:ibmmodel:datapower gatewayscope:lteversion:7.5.0.18

Trust: 1.0

vendor:ibmmodel:datapower gatewayscope:gteversion:7.6.0.0

Trust: 1.0

vendor:ibmmodel:datapower gatewayscope:gteversion:7.5.1.0

Trust: 1.0

vendor:ibmmodel:datapower gatewayscope:gteversion:7.5.0.0

Trust: 1.0

vendor:ibmmodel:datapower gatewayscope:eqversion:7.7.1.3

Trust: 0.9

vendor:ibmmodel:datapower gatewayscope:eqversion:7.7.0.0

Trust: 0.9

vendor:ibmmodel:datapower gatewayscope:eqversion:7.5.0.0 to 7.5.0.18

Trust: 0.8

vendor:ibmmodel:datapower gatewayscope:eqversion:7.5.1.0 to 7.5.1.17

Trust: 0.8

vendor:ibmmodel:datapower gatewayscope:eqversion:7.5.2.0 to 7.5.2.17

Trust: 0.8

vendor:ibmmodel:datapower gatewayscope:eqversion:7.6.0.0 to 7.6.0.10

Trust: 0.8

vendor:ibmmodel:datapower gatewayscope:eqversion:7.7.0.0 to 7.7.1.3

Trust: 0.8

vendor:ibmmodel:datapower gatewayscope:eqversion:7.7.1.2

Trust: 0.6

vendor:ibmmodel:datapower gatewayscope:eqversion:7.7.1.0

Trust: 0.6

vendor:ibmmodel:datapower gatewayscope:eqversion:7.7.1.1

Trust: 0.6

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.7.1.1

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.7.0.9

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.7.0.8

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.7.0.7

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.7.0.6

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.7.0.4

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.7.0.2

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.6.0.8

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.6.0.6

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.6.0.5

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.6.0.1

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.6.0.0

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.5.2.9

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.5.2.8

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.5.2.2

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.5.2.15

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.5.2.13

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.5.2.12

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.5.2.1

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.5.2.0

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.5.1.9

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.5.1.8

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.5.1.4

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.5.1.3

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.5.1.2

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.5.1.15

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.5.1.14

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.5.1.13

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.5.1.12

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.5.1.1

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.5.0.9

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.5.0.5

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.5.0.4

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.5.0.3

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.5.0.2

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.5.0.16

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.5.0.15

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.5.0.14

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.5.0.13

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.5.0.10

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.5.0.1

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.5.0.0

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.6.0.9

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.6.0.3

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.6.0.10

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.5.2.17

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.5.2.16

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.5.2.10

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.5.1.17

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.5.1.16

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.5.1.10

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.5.1.0

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.5.0.18

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.5.0.17

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.5.0.11

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:neversion:7.6.0.11

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:neversion:7.5.2.18

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:neversion:7.5.1.18

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:neversion:7.5.0.19

Trust: 0.3

sources: BID: 106816 // JVNDB: JVNDB-2018-013105 // CNNVD: CNNVD-201812-621 // NVD: CVE-2018-1665

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-1665
value: HIGH

Trust: 1.0

psirt@us.ibm.com: CVE-2018-1665
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-1665
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201812-621
value: HIGH

Trust: 0.6

VULHUB: VHN-127030
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-1665
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-127030
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-1665
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

psirt@us.ibm.com: CVE-2018-1665
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-127030 // JVNDB: JVNDB-2018-013105 // CNNVD: CNNVD-201812-621 // NVD: CVE-2018-1665 // NVD: CVE-2018-1665

PROBLEMTYPE DATA

problemtype:CWE-326

Trust: 1.9

sources: VULHUB: VHN-127030 // JVNDB: JVNDB-2018-013105 // NVD: CVE-2018-1665

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201812-621

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201812-621

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-013105

PATCH
title:0744195url:http://www.ibm.com/support/docview.wss?uid=ibm10744195
Trust: 0.8
title:ibm-websphere-cve20181665-info-disc (144891)url:https://exchange.xforce.ibmcloud.com/vulnerabilities/144891
Trust: 0.8
title:IBM DataPower Gateways Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87863
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-013105 // 
            
            
            
            CNNVD: CNNVD-201812-621

EXTERNAL IDS
db:NVDid:CVE-2018-1665
Trust: 2.8
db:JVNDBid:JVNDB-2018-013105
Trust: 0.8
db:CNNVDid:CNNVD-201812-621
Trust: 0.7
db:BIDid:106816
Trust: 0.3
db:VULHUBid:VHN-127030
Trust: 0.1
sources:
            
            
            VULHUB: VHN-127030 // 
            
            
            
            BID: 106816 // 
            
            
            
            JVNDB: JVNDB-2018-013105 // 
            
            
            
            CNNVD: CNNVD-201812-621 // 
            
            
            
            NVD: CVE-2018-1665

REFERENCES
url:http://www.ibm.com/support/docview.wss?uid=ibm10744195
Trust: 1.7
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/144891
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1665
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-1665
Trust: 0.8
url:http://www.ibm.com/
Trust: 0.3
url:https://www-01.ibm.com/support/docview.wss?uid=ibm10744209
Trust: 0.3
url:https://www-01.ibm.com/support/docview.wss?uid=ibm10744195
Trust: 0.3
sources:
            
            
            VULHUB: VHN-127030 // 
            
            
            
            BID: 106816 // 
            
            
            
            JVNDB: JVNDB-2018-013105 // 
            
            
            
            CNNVD: CNNVD-201812-621 // 
            
            
            
            NVD: CVE-2018-1665

CREDITS
Srinivasarao Kotipalli & Jeremy Soh.
Trust: 0.3
sources:
            
            
            BID: 106816

SOURCES
db:VULHUBid:VHN-127030
db:BIDid:106816
db:JVNDBid:JVNDB-2018-013105
db:CNNVDid:CNNVD-201812-621
db:NVDid:CVE-2018-1665

LAST UPDATE DATE
2024-11-23T22:45:08.400000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-127030date:2019-10-09T00:00:00
db:BIDid:106816date:2018-12-11T00:00:00
db:JVNDBid:JVNDB-2018-013105date:2019-02-14T00:00:00
db:CNNVDid:CNNVD-201812-621date:2019-10-17T00:00:00
db:NVDid:CVE-2018-1665date:2024-11-21T04:00:09.993

SOURCES RELEASE DATE
db:VULHUBid:VHN-127030date:2018-12-13T00:00:00
db:BIDid:106816date:2018-12-11T00:00:00
db:JVNDBid:JVNDB-2018-013105date:2019-02-14T00:00:00
db:CNNVDid:CNNVD-201812-621date:2018-12-13T00:00:00
db:NVDid:CVE-2018-1665date:2018-12-13T16:29:00.553