Details of VAR-201812-0436

ID

VAR-201812-0436

CVE

CVE-2018-1677

TITLE

IBM DataPower Gateway and MQ Appliance Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-012971

DESCRIPTION

IBM DataPower Gateways 7.1, 7.2, 7.5, 7.5.1, 7.5.2, 7.6, and 7.7 and IBM MQ Appliance are vulnerable to a denial of service, caused by the improper handling of full file system. A local attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 145171. Vendors have confirmed this vulnerability IBM X-Force ID: 145171 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. IBM MQ is prone to a denial-of-service vulnerability. IBM DataPower Gateway is a secure and integrated platform designed for mobile, cloud, application programming interface (API), web, service-oriented architecture (SOA), B2B and cloud workloads. MQ Appliance is an all-in-one device for rapid deployment of enterprise-level messaging middleware. The following versions are affected: IBM DataPower Gateway versions 7.1.0.0 to 7.1.0.22, 7.2.0.0 to 7.2.0.20, 7.5.0.0 to 7.5.0.15, 7.5.1.0 to 7.5.1.14, 7.5. Version 2.0 to version 7.5.2.14, version 7.6.0.0 to version 7.6.0.7, version 7.7.0.0 to version 7.7.1.0

Trust: 1.98

sources: NVD: CVE-2018-1677 // JVNDB: JVNDB-2018-012971 // BID: 106284 // VULHUB: VHN-127162

AFFECTED PRODUCTS

vendor:	ibm	model:	datapower gateway	scope:	gte	version:	7.2.0.0	Trust: 1.0
vendor:	ibm	model:	datapower gateway	scope:	lte	version:	7.5.1.14	Trust: 1.0
vendor:	ibm	model:	datapower gateway	scope:	gte	version:	7.7.0.0	Trust: 1.0
vendor:	ibm	model:	datapower gateway	scope:	lte	version:	7.1.0.22	Trust: 1.0
vendor:	ibm	model:	datapower gateway	scope:	lte	version:	7.6.0.7	Trust: 1.0
vendor:	ibm	model:	datapower gateway	scope:	lte	version:	7.2.0.20	Trust: 1.0
vendor:	ibm	model:	datapower gateway	scope:	gte	version:	7.5.2.0	Trust: 1.0
vendor:	ibm	model:	datapower gateway	scope:	lte	version:	7.5.2.14	Trust: 1.0
vendor:	ibm	model:	datapower gateway	scope:	lte	version:	7.5.0.15	Trust: 1.0
vendor:	ibm	model:	datapower gateway	scope:	gte	version:	7.1.0.0	Trust: 1.0
vendor:	ibm	model:	datapower gateway	scope:	gte	version:	7.6.0.0	Trust: 1.0
vendor:	ibm	model:	datapower gateway	scope:	gte	version:	7.5.1.0	Trust: 1.0
vendor:	ibm	model:	datapower gateway	scope:	lte	version:	7.7.1.0	Trust: 1.0
vendor:	ibm	model:	datapower gateway	scope:	gte	version:	7.5.0.0	Trust: 1.0
vendor:	ibm	model:	datapower gateway	scope:	eq	version:	7.7.0.0	Trust: 0.9
vendor:	ibm	model:	datapower gateway	scope:	eq	version:	7.1	Trust: 0.8
vendor:	ibm	model:	datapower gateway	scope:	eq	version:	7.2	Trust: 0.8
vendor:	ibm	model:	datapower gateway	scope:	eq	version:	7.5	Trust: 0.8
vendor:	ibm	model:	datapower gateway	scope:	eq	version:	7.5.1	Trust: 0.8
vendor:	ibm	model:	datapower gateway	scope:	eq	version:	7.5.2	Trust: 0.8
vendor:	ibm	model:	datapower gateway	scope:	eq	version:	7.6	Trust: 0.8
vendor:	ibm	model:	datapower gateway	scope:	eq	version:	7.7	Trust: 0.8
vendor:	ibm	model:	datapower gateway	scope:	eq	version:	7.7.1.0	Trust: 0.6
vendor:	ibm	model:	datapower gateway	scope:	eq	version:	7.2.0.0	Trust: 0.6
vendor:	ibm	model:	datapower gateways	scope:	eq	version:	7.7.0.9	Trust: 0.3
vendor:	ibm	model:	datapower gateways	scope:	eq	version:	7.7.0.8	Trust: 0.3
vendor:	ibm	model:	datapower gateways	scope:	eq	version:	7.7.0.7	Trust: 0.3
vendor:	ibm	model:	datapower gateways	scope:	eq	version:	7.7.0.6	Trust: 0.3
vendor:	ibm	model:	datapower gateways	scope:	eq	version:	7.7.0.4	Trust: 0.3
vendor:	ibm	model:	datapower gateways	scope:	eq	version:	7.7.0.2	Trust: 0.3
vendor:	ibm	model:	datapower gateways	scope:	eq	version:	7.6.0.6	Trust: 0.3
vendor:	ibm	model:	datapower gateways	scope:	eq	version:	7.6.0.5	Trust: 0.3
vendor:	ibm	model:	datapower gateways	scope:	eq	version:	7.6.0.1	Trust: 0.3
vendor:	ibm	model:	datapower gateways	scope:	eq	version:	7.6.0.0	Trust: 0.3
vendor:	ibm	model:	datapower gateways	scope:	eq	version:	7.5.2.9	Trust: 0.3
vendor:	ibm	model:	datapower gateways	scope:	eq	version:	7.5.2.8	Trust: 0.3
vendor:	ibm	model:	datapower gateways	scope:	eq	version:	7.5.2.2	Trust: 0.3
vendor:	ibm	model:	datapower gateways	scope:	eq	version:	7.5.2.13	Trust: 0.3
vendor:	ibm	model:	datapower gateways	scope:	eq	version:	7.5.2.12	Trust: 0.3
vendor:	ibm	model:	datapower gateways	scope:	eq	version:	7.5.2.1	Trust: 0.3
vendor:	ibm	model:	datapower gateways	scope:	eq	version:	7.5.2.0	Trust: 0.3
vendor:	ibm	model:	datapower gateways	scope:	eq	version:	7.5.1.9	Trust: 0.3
vendor:	ibm	model:	datapower gateways	scope:	eq	version:	7.5.1.8	Trust: 0.3
vendor:	ibm	model:	datapower gateways	scope:	eq	version:	7.5.1.4	Trust: 0.3
vendor:	ibm	model:	datapower gateways	scope:	eq	version:	7.5.1.3	Trust: 0.3
vendor:	ibm	model:	datapower gateways	scope:	eq	version:	7.5.1.2	Trust: 0.3
vendor:	ibm	model:	datapower gateways	scope:	eq	version:	7.5.1.13	Trust: 0.3
vendor:	ibm	model:	datapower gateways	scope:	eq	version:	7.5.1.12	Trust: 0.3
vendor:	ibm	model:	datapower gateways	scope:	eq	version:	7.5.1.1	Trust: 0.3
vendor:	ibm	model:	datapower gateways	scope:	eq	version:	7.5.1.0	Trust: 0.3
vendor:	ibm	model:	datapower gateways	scope:	eq	version:	7.5.0.9	Trust: 0.3
vendor:	ibm	model:	datapower gateways	scope:	eq	version:	7.5.0.5	Trust: 0.3
vendor:	ibm	model:	datapower gateways	scope:	eq	version:	7.5.0.4	Trust: 0.3
vendor:	ibm	model:	datapower gateways	scope:	eq	version:	7.5.0.3	Trust: 0.3
vendor:	ibm	model:	datapower gateways	scope:	eq	version:	7.5.0.2	Trust: 0.3
vendor:	ibm	model:	datapower gateways	scope:	eq	version:	7.5.0.15	Trust: 0.3
vendor:	ibm	model:	datapower gateways	scope:	eq	version:	7.5.0.14	Trust: 0.3
vendor:	ibm	model:	datapower gateways	scope:	eq	version:	7.5.0.13	Trust: 0.3
vendor:	ibm	model:	datapower gateways	scope:	eq	version:	7.5.0.10	Trust: 0.3
vendor:	ibm	model:	datapower gateways	scope:	eq	version:	7.5.0.1	Trust: 0.3
vendor:	ibm	model:	datapower gateways	scope:	eq	version:	7.5.0.0	Trust: 0.3
vendor:	ibm	model:	datapower gateways	scope:	eq	version:	7.2.0.20	Trust: 0.3
vendor:	ibm	model:	datapower gateways	scope:	eq	version:	7.2.0.19	Trust: 0.3
vendor:	ibm	model:	datapower gateways	scope:	eq	version:	7.2.0.18	Trust: 0.3
vendor:	ibm	model:	datapower gateways	scope:	eq	version:	7.2.0.16	Trust: 0.3
vendor:	ibm	model:	datapower gateways	scope:	eq	version:	7.2.0.15	Trust: 0.3
vendor:	ibm	model:	datapower gateways	scope:	eq	version:	7.2.0.11	Trust: 0.3
vendor:	ibm	model:	datapower gateways	scope:	eq	version:	7.2.0.10	Trust: 0.3
vendor:	ibm	model:	datapower gateways	scope:	eq	version:	7.2.0.1	Trust: 0.3
vendor:	ibm	model:	datapower gateways	scope:	eq	version:	7.2.0.0	Trust: 0.3
vendor:	ibm	model:	datapower gateway	scope:	eq	version:	7.5.2.0	Trust: 0.3
vendor:	ibm	model:	datapower gateway	scope:	eq	version:	7.5.1.16	Trust: 0.3
vendor:	ibm	model:	datapower gateway	scope:	eq	version:	7.5.1.1	Trust: 0.3
vendor:	ibm	model:	datapower gateway	scope:	eq	version:	7.5.1.0	Trust: 0.3
vendor:	ibm	model:	datapower gateway	scope:	eq	version:	7.5.0.2	Trust: 0.3
vendor:	ibm	model:	datapower gateway	scope:	eq	version:	7.5.0.1	Trust: 0.3
vendor:	ibm	model:	datapower gateway	scope:	eq	version:	7.1.0.9	Trust: 0.3
vendor:	ibm	model:	datapower gateway	scope:	eq	version:	7.1.0.8	Trust: 0.3
vendor:	ibm	model:	datapower gateway	scope:	eq	version:	7.1.0.7	Trust: 0.3
vendor:	ibm	model:	datapower gateway	scope:	eq	version:	7.1.0.5	Trust: 0.3
vendor:	ibm	model:	datapower gateway	scope:	eq	version:	7.1.0.4	Trust: 0.3
vendor:	ibm	model:	datapower gateway	scope:	eq	version:	7.1.0.3	Trust: 0.3
vendor:	ibm	model:	datapower gateway	scope:	eq	version:	7.1.0.22	Trust: 0.3
vendor:	ibm	model:	datapower gateway	scope:	eq	version:	7.1.0.20	Trust: 0.3
vendor:	ibm	model:	datapower gateway	scope:	eq	version:	7.1.0.2	Trust: 0.3
vendor:	ibm	model:	datapower gateway	scope:	eq	version:	7.1.0.19	Trust: 0.3
vendor:	ibm	model:	datapower gateway	scope:	eq	version:	7.1.0.18	Trust: 0.3
vendor:	ibm	model:	datapower gateway	scope:	eq	version:	7.1.0.15	Trust: 0.3
vendor:	ibm	model:	datapower gateway	scope:	eq	version:	7.1.0.14	Trust: 0.3
vendor:	ibm	model:	datapower gateway	scope:	eq	version:	7.1.0.12	Trust: 0.3
vendor:	ibm	model:	datapower gateway	scope:	eq	version:	7.1.0.11	Trust: 0.3
vendor:	ibm	model:	datapower gateway	scope:	eq	version:	7.1.0.10	Trust: 0.3
vendor:	ibm	model:	datapower gateways	scope:	ne	version:	7.7.1.1	Trust: 0.3
vendor:	ibm	model:	datapower gateways	scope:	ne	version:	7.6.0.8	Trust: 0.3
vendor:	ibm	model:	datapower gateways	scope:	ne	version:	7.5.2.15	Trust: 0.3
vendor:	ibm	model:	datapower gateways	scope:	ne	version:	7.5.1.15	Trust: 0.3
vendor:	ibm	model:	datapower gateways	scope:	ne	version:	7.5.0.16	Trust: 0.3
vendor:	ibm	model:	datapower gateways	scope:	ne	version:	7.2.0.21	Trust: 0.3
vendor:	ibm	model:	datapower gateway	scope:	ne	version:	7.1.0.23	Trust: 0.3

sources: BID: 106284 // JVNDB: JVNDB-2018-012971 // CNNVD: CNNVD-201812-815 // NVD: CVE-2018-1677

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-1677
value:	MEDIUM
Trust: 1.0
psirt@us.ibm.com:	CVE-2018-1677
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-1677
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201812-815
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-127162
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2018-1677
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-127162
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-1677
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.0
Trust: 1.8
psirt@us.ibm.com:	CVE-2018-1677
baseSeverity:	MEDIUM
baseScore:	5.1
vectorString:	CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.4
impactScore:	3.6
version:	3.0
Trust: 1.0

sources: VULHUB: VHN-127162 // JVNDB: JVNDB-2018-012971 // CNNVD: CNNVD-201812-815 // NVD: CVE-2018-1677 // NVD: CVE-2018-1677

PROBLEMTYPE DATA

problemtype:	CWE-755	Trust: 1.1
problemtype:	CWE-20	Trust: 0.9

sources: VULHUB: VHN-127162 // JVNDB: JVNDB-2018-012971 // NVD: CVE-2018-1677

THREAT TYPE

local

Trust: 0.9

sources: BID: 106284 // CNNVD: CNNVD-201812-815

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201812-815

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-012971

PATCH

title:	0744555	url:	https://www-01.ibm.com/support/docview.wss?uid=ibm10744555	Trust: 0.8
title:	ibm-websphere-cve20181677-dos (145171)	url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/145171	Trust: 0.8
title:	IBM DataPower Gateway and MQ Appliance Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88011	Trust: 0.6

sources: JVNDB: JVNDB-2018-012971 // CNNVD: CNNVD-201812-815

EXTERNAL IDS

db:	NVD	id:	CVE-2018-1677	Trust: 2.8
db:	BID	id:	106284	Trust: 2.0
db:	JVNDB	id:	JVNDB-2018-012971	Trust: 0.8
db:	CNNVD	id:	CNNVD-201812-815	Trust: 0.7
db:	VULHUB	id:	VHN-127162	Trust: 0.1

sources: VULHUB: VHN-127162 // BID: 106284 // JVNDB: JVNDB-2018-012971 // CNNVD: CNNVD-201812-815 // NVD: CVE-2018-1677

REFERENCES

url:	http://www.securityfocus.com/bid/106284	Trust: 1.7
url:	https://www.ibm.com/support/docview.wss?uid=ibm10744555	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/145171	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1677	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-1677	Trust: 0.8
url:	http://www.ibm.com/	Trust: 0.3
url:	https://www-01.ibm.com/support/docview.wss?uid=ibm10744555	Trust: 0.3

sources: VULHUB: VHN-127162 // BID: 106284 // JVNDB: JVNDB-2018-012971 // CNNVD: CNNVD-201812-815 // NVD: CVE-2018-1677

CREDITS

The vendor reported the issue.

Trust: 0.3

sources: BID: 106284

SOURCES

db:	VULHUB	id:	VHN-127162
db:	BID	id:	106284
db:	JVNDB	id:	JVNDB-2018-012971
db:	CNNVD	id:	CNNVD-201812-815
db:	NVD	id:	CVE-2018-1677

LAST UPDATE DATE

2024-11-23T22:48:31.550000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-127162	date:	2020-08-24T00:00:00
db:	BID	id:	106284	date:	2018-12-12T00:00:00
db:	JVNDB	id:	JVNDB-2018-012971	date:	2019-02-12T00:00:00
db:	CNNVD	id:	CNNVD-201812-815	date:	2020-10-22T00:00:00
db:	NVD	id:	CVE-2018-1677	date:	2024-11-21T04:00:11.463

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-127162	date:	2018-12-20T00:00:00
db:	BID	id:	106284	date:	2018-12-12T00:00:00
db:	JVNDB	id:	JVNDB-2018-012971	date:	2019-02-12T00:00:00
db:	CNNVD	id:	CNNVD-201812-815	date:	2018-12-19T00:00:00
db:	NVD	id:	CVE-2018-1677	date:	2018-12-20T14:29:00.307