ID

VAR-201901-0716


CVE

CVE-2018-1668


TITLE

IBM DataPower Gateway Access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-001475

DESCRIPTION

IBM DataPower Gateway 7.5.0.0 through 7.5.0.19, 7.5.1.0 through 7.5.1.18, 7.5.2.0 through 7.5.2.18, and 7.6.0.0 through 7.6.0.11 appliances allow "null" logins, which could give read access to IPMI data and expose sensitive information. IBM X-Force ID: 144894. IBM DataPower Gateway contains an access control vulnerability. The vendor has confirmed this vulnerability and released it as IBM X-Force ID: 144894. Information may be obtained. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks. IBM DataPower Gateway is a security and integration platform specially designed for mobile, cloud, application programming interface (API), network, service-oriented architecture (SOA), B2B and cloud workloads. The platform secures, integrates and optimizes access across channels with a dedicated gateway platform.

Trust: 1.98

sources: NVD: CVE-2018-1668 // JVNDB: JVNDB-2019-001475 // BID: 106795 // VULHUB: VHN-127063

AFFECTED PRODUCTS

vendor: ibm, model: datapower gateway, scope: lte, version: 7.5.0.19

Trust: 1.0

vendor: ibm, model: datapower gateway, scope: lte, version: 7.5.2.18

Trust: 1.0

vendor: ibm, model: datapower gateway, scope: gte, version: 7.5.2.0

Trust: 1.0

vendor: ibm, model: datapower gateway, scope: lte, version: 7.5.1.18

Trust: 1.0

vendor: ibm, model: datapower gateway, scope: gte, version: 7.6.0.0

Trust: 1.0

vendor: ibm, model: datapower gateway, scope: gte, version: 7.5.1.0

Trust: 1.0

vendor: ibm, model: datapower gateway, scope: lte, version: 7.6.0.11

Trust: 1.0

vendor: ibm, model: datapower gateway, scope: gte, version: 7.5.0.0

Trust: 1.0

vendor: ibm, model: datapower gateway, scope: eq, version: 7.5.0.0 to 7.5.0.19

Trust: 0.8

vendor: ibm, model: datapower gateway, scope: eq, version: 77.5.1.0 to 7.5.1.18

Trust: 0.8

vendor: ibm, model: datapower gateway, scope: eq, version: 77.5.2.0 to 7.5.2.18

Trust: 0.8

vendor: ibm, model: datapower gateway, scope: eq, version: 77.6.0.0 to 7.6.0.11

Trust: 0.8

vendor: ibm, model: datapower gateways, scope: eq, version: 7.6.0.8

Trust: 0.3

vendor: ibm, model: datapower gateways, scope: eq, version: 7.6.0.6

Trust: 0.3

vendor: ibm, model: datapower gateways, scope: eq, version: 7.6.0.5

Trust: 0.3

vendor: ibm, model: datapower gateways, scope: eq, version: 7.6.0.1

Trust: 0.3

vendor: ibm, model: datapower gateways, scope: eq, version: 7.6.0.0

Trust: 0.3

vendor: ibm, model: datapower gateways, scope: eq, version: 7.5.2.9

Trust: 0.3

vendor: ibm, model: datapower gateways, scope: eq, version: 7.5.2.8

Trust: 0.3

vendor: ibm, model: datapower gateways, scope: eq, version: 7.5.2.2

Trust: 0.3

vendor: ibm, model: datapower gateways, scope: eq, version: 7.5.2.15

Trust: 0.3

vendor: ibm, model: datapower gateways, scope: eq, version: 7.5.2.13

Trust: 0.3

vendor: ibm, model: datapower gateways, scope: eq, version: 7.5.2.12

Trust: 0.3

vendor: ibm, model: datapower gateways, scope: eq, version: 7.5.2.1

Trust: 0.3

vendor: ibm, model: datapower gateways, scope: eq, version: 7.5.1.9

Trust: 0.3

vendor: ibm, model: datapower gateways, scope: eq, version: 7.5.1.8

Trust: 0.3

vendor: ibm, model: datapower gateways, scope: eq, version: 7.5.1.4

Trust: 0.3

vendor: ibm, model: datapower gateways, scope: eq, version: 7.5.1.3

Trust: 0.3

vendor: ibm, model: datapower gateways, scope: eq, version: 7.5.1.2

Trust: 0.3

vendor: ibm, model: datapower gateways, scope: eq, version: 7.5.1.15

Trust: 0.3

vendor: ibm, model: datapower gateways, scope: eq, version: 7.5.1.14

Trust: 0.3

vendor: ibm, model: datapower gateways, scope: eq, version: 7.5.1.13

Trust: 0.3

vendor: ibm, model: datapower gateways, scope: eq, version: 7.5.1.12

Trust: 0.3

vendor: ibm, model: datapower gateways, scope: eq, version: 7.5.0.9

Trust: 0.3

vendor: ibm, model: datapower gateways, scope: eq, version: 7.5.0.5

Trust: 0.3

vendor: ibm, model: datapower gateways, scope: eq, version: 7.5.0.4

Trust: 0.3

vendor: ibm, model: datapower gateways, scope: eq, version: 7.5.0.3

Trust: 0.3

vendor: ibm, model: datapower gateways, scope: eq, version: 7.5.0.2

Trust: 0.3

vendor: ibm, model: datapower gateways, scope: eq, version: 7.5.0.16

Trust: 0.3

vendor: ibm, model: datapower gateways, scope: eq, version: 7.5.0.15

Trust: 0.3

vendor: ibm, model: datapower gateways, scope: eq, version: 7.5.0.14

Trust: 0.3

vendor: ibm, model: datapower gateways, scope: eq, version: 7.5.0.13

Trust: 0.3

vendor: ibm, model: datapower gateways, scope: eq, version: 7.5.0.10

Trust: 0.3

vendor: ibm, model: datapower gateways, scope: eq, version: 7.5.0.1

Trust: 0.3

vendor: ibm, model: datapower gateways, scope: eq, version: 7.5.0.0

Trust: 0.3

vendor: ibm, model: datapower gateway, scope: eq, version: 7.6.0.9

Trust: 0.3

vendor: ibm, model: datapower gateway, scope: eq, version: 7.6.0.3

Trust: 0.3

vendor: ibm, model: datapower gateway, scope: eq, version: 7.6.0.11

Trust: 0.3

vendor: ibm, model: datapower gateway, scope: eq, version: 7.6.0.10

Trust: 0.3

vendor: ibm, model: datapower gateway, scope: eq, version: 7.5.2.18

Trust: 0.3

vendor: ibm, model: datapower gateway, scope: eq, version: 7.5.2.17

Trust: 0.3

vendor: ibm, model: datapower gateway, scope: eq, version: 7.5.2.16

Trust: 0.3

vendor: ibm, model: datapower gateway, scope: eq, version: 7.5.2.10

Trust: 0.3

vendor: ibm, model: datapower gateway, scope: eq, version: 7.5.2.0

Trust: 0.3

vendor: ibm, model: datapower gateway, scope: eq, version: 7.5.1.18

Trust: 0.3

vendor: ibm, model: datapower gateway, scope: eq, version: 7.5.1.17

Trust: 0.3

vendor: ibm, model: datapower gateway, scope: eq, version: 7.5.1.16

Trust: 0.3

vendor: ibm, model: datapower gateway, scope: eq, version: 7.5.1.10

Trust: 0.3

vendor: ibm, model: datapower gateway, scope: eq, version: 7.5.1.1

Trust: 0.3

vendor: ibm, model: datapower gateway, scope: eq, version: 7.5.1.0

Trust: 0.3

vendor: ibm, model: datapower gateway, scope: eq, version: 7.5.0.19

Trust: 0.3

vendor: ibm, model: datapower gateway, scope: eq, version: 7.5.0.18

Trust: 0.3

vendor: ibm, model: datapower gateway, scope: eq, version: 7.5.0.17

Trust: 0.3

vendor: ibm, model: datapower gateway, scope: ne, version: 7.6.0.12

Trust: 0.3

vendor: ibm, model: datapower gateway, scope: ne, version: 7.5.2.19

Trust: 0.3

vendor: ibm, model: datapower gateway, scope: ne, version: 7.5.1.19

Trust: 0.3

vendor: ibm, model: datapower gateway, scope: ne, version: 7.5.0.20

Trust: 0.3

sources: BID: 106795 // JVNDB: JVNDB-2019-001475 // NVD: CVE-2018-1668

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-1668
value: HIGH

Trust: 1.0

psirt@us.ibm.com: CVE-2018-1668
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-1668
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201901-922
value: HIGH

Trust: 0.6

VULHUB: VHN-127063
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-1668
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-127063
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-1668
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

psirt@us.ibm.com: CVE-2018-1668
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-127063 // JVNDB: JVNDB-2019-001475 // CNNVD: CNNVD-201901-922 // NVD: CVE-2018-1668 // NVD: CVE-2018-1668

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.1

problemtype:CWE-284

Trust: 0.9

problemtype:CWE-754

Trust: 0.1

sources: VULHUB: VHN-127063 // JVNDB: JVNDB-2019-001475 // NVD: CVE-2018-1668

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-922

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201901-922

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-001475

PATCH

title: 0794735, url: https://www-01.ibm.com/support/docview.wss?uid=ibm10794735

Trust: 0.8

title: ibm-websphere-cve20181668-info-disc (144894), url: https://exchange.xforce.ibmcloud.com/vulnerabilities/144894

Trust: 0.8

title: IBM DataPower Gateway Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88972

Trust: 0.6

sources: JVNDB: JVNDB-2019-001475 // CNNVD: CNNVD-201901-922

EXTERNAL IDS

db: NVD, id: CVE-2018-1668

Trust: 2.8

db: JVNDB, id: JVNDB-2019-001475

Trust: 0.8

db: CNNVD, id: CNNVD-201901-922

Trust: 0.7

db: AUSCERT, id: ESB-2019.0545

Trust: 0.6

db: BID, id: 106795

Trust: 0.3

db: VULHUB, id: VHN-127063

Trust: 0.1

sources: VULHUB: VHN-127063 // BID: 106795 // JVNDB: JVNDB-2019-001475 // CNNVD: CNNVD-201901-922 // NVD: CVE-2018-1668

REFERENCES

url:https://www.ibm.com/support/docview.wss?uid=ibm10794735

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/144894

Trust: 1.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1668

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-1668

Trust: 0.8

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/144894 (vdb entry, vendor advisory)

Trust: 0.6

url:https://www.ibm.com/support/docview.wss?uid=ibm10794735 (vendor advisory)

Trust: 0.6

url:http://www.ibm.com/support/docview.wss

Trust: 0.6

url:https://www.auscert.org.au/bulletins/75930

Trust: 0.6

url:http://www.ibm.com/support/docview.wss?uid=ibm10871908

Trust: 0.6

url:http://www.ibm.com

Trust: 0.3

url:https://www-01.ibm.com/support/docview.wss?uid=ibm10794735

Trust: 0.3

sources: VULHUB: VHN-127063 // BID: 106795 // JVNDB: JVNDB-2019-001475 // CNNVD: CNNVD-201901-922 // NVD: CVE-2018-1668

CREDITS

Srinivasarao Kotipalli & Jeremy Soh.

Trust: 0.3

sources: BID: 106795

SOURCES

db: VULHUB, id: VHN-127063
db: BID, id: 106795
db: JVNDB, id: JVNDB-2019-001475
db: CNNVD, id: CNNVD-201901-922
db: NVD, id: CVE-2018-1668

LAST UPDATE DATE

2024-11-23T20:40:48.249000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-127063, date: 2020-08-24T00:00:00
db: BID, id: 106795, date: 2019-01-11T00:00:00
db: JVNDB, id: JVNDB-2019-001475, date: 2019-03-06T00:00:00
db: CNNVD, id: CNNVD-201901-922, date: 2022-03-18T00:00:00
db: NVD, id: CVE-2018-1668, date: 2024-11-21T04:00:10.353

SOURCES RELEASE DATE

db: VULHUB, id: VHN-127063, date: 2019-01-29T00:00:00
db: BID, id: 106795, date: 2019-01-11T00:00:00
db: JVNDB, id: JVNDB-2019-001475, date: 2019-03-06T00:00:00
db: CNNVD, id: CNNVD-201901-922, date: 2019-01-28T00:00:00
db: NVD, id: CVE-2018-1668, date: 2019-01-29T16:29:00.310