ID

VAR-201902-0594


CVE

CVE-2018-1666


TITLE

IBM DataPower Gateway Injection vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2019-001251 // CNNVD: CNNVD-201902-161

DESCRIPTION

IBM DataPower Gateway 2018.4.1.0, 7.6.0.0 through 7.6.0.11, 7.5.2.0 through 7.5.2.18, 7.5.1.0 through 7.5.1.18, 7.5.0.0 through 7.5.0.19, and 7.7.0.0 through 7.7.1.3 could allow an authenticated user to inject arbitrary messages that would be displayed on the UI. IBM X-Force ID: 144892. IBM DataPower Gateway contains an injection vulnerability. The vendor has confirmed this vulnerability and released it as IBM X-Force ID: 144892. Information may be tampered with. Attackers can exploit this issue to bypass security restrictions and perform unauthorized actions; this may aid in launching further attacks. IBM DataPower Gateway is a security and integration platform designed for mobile, cloud, application programming interface (API), network, service-oriented architecture (SOA), B2B and cloud workloads. The platform secures, integrates and optimizes access across channels with a dedicated gateway platform.

Trust: 1.98

sources: NVD: CVE-2018-1666 // JVNDB: JVNDB-2019-001251 // BID: 107072 // VULHUB: VHN-127041

AFFECTED PRODUCTS

vendor: ibm, model: datapower gateway, scope: eq, version: 2018.4.1.0

Trust: 2.1

vendor: ibm, model: datapower gateway, scope: lte, version: 7.5.2.18

Trust: 1.0

vendor: ibm, model: datapower gateway, scope: lte, version: 7.5.1.18

Trust: 1.0

vendor: ibm, model: datapower gateway, scope: gte, version: 7.7.0.0

Trust: 1.0

vendor: ibm, model: datapower gateway, scope: gte, version: 7.5.2.0

Trust: 1.0

vendor: ibm, model: datapower gateway, scope: lte, version: 7.7.1.3

Trust: 1.0

vendor: ibm, model: datapower gateway, scope: lte, version: 7.5.0.19

Trust: 1.0

vendor: ibm, model: datapower gateway, scope: gte, version: 7.6.0.0

Trust: 1.0

vendor: ibm, model: datapower gateway, scope: gte, version: 7.5.1.0

Trust: 1.0

vendor: ibm, model: datapower gateway, scope: lte, version: 7.6.0.11

Trust: 1.0

vendor: ibm, model: datapower gateway, scope: gte, version: 7.5.0.0

Trust: 1.0

vendor: ibm, model: datapower gateway, scope: eq, version: 7.5.0.0 through 7.5.0.19

Trust: 0.8

vendor: ibm, model: datapower gateway, scope: eq, version: 7.5.1.0 through 7.5.1.18

Trust: 0.8

vendor: ibm, model: datapower gateway, scope: eq, version: 7.5.2.0 through 7.5.2.18

Trust: 0.8

vendor: ibm, model: datapower gateway, scope: eq, version: 7.6.0.0 through 7.6.0.11

Trust: 0.8

vendor: ibm, model: datapower gateway, scope: eq, version: 7.7.0.0 through 7.7.1.3

Trust: 0.8

vendor: ibm, model: datapower gateway, scope: eq, version: 7.7.1.3

Trust: 0.3

vendor: ibm, model: datapower gateway, scope: eq, version: 7.7.0.0

Trust: 0.3

vendor: ibm, model: datapower gateway, scope: eq, version: 7.6.0.9

Trust: 0.3

vendor: ibm, model: datapower gateway, scope: eq, version: 7.6.0.3

Trust: 0.3

vendor: ibm, model: datapower gateway, scope: eq, version: 7.6.0.12

Trust: 0.3

vendor: ibm, model: datapower gateway, scope: eq, version: 7.6.0.11

Trust: 0.3

vendor: ibm, model: datapower gateway, scope: eq, version: 7.6.0.10

Trust: 0.3

vendor: ibm, model: datapower gateway, scope: eq, version: 7.6.0.0

Trust: 0.3

vendor: ibm, model: datapower gateway, scope: eq, version: 7.5.2.18

Trust: 0.3

vendor: ibm, model: datapower gateway, scope: eq, version: 7.5.2.17

Trust: 0.3

vendor: ibm, model: datapower gateway, scope: eq, version: 7.5.2.16

Trust: 0.3

vendor: ibm, model: datapower gateway, scope: eq, version: 7.5.2.10

Trust: 0.3

vendor: ibm, model: datapower gateway, scope: eq, version: 7.5.2.0

Trust: 0.3

vendor: ibm, model: datapower gateway, scope: eq, version: 7.5.1.18

Trust: 0.3

vendor: ibm, model: datapower gateway, scope: eq, version: 7.5.1.17

Trust: 0.3

vendor: ibm, model: datapower gateway, scope: eq, version: 7.5.1.16

Trust: 0.3

vendor: ibm, model: datapower gateway, scope: eq, version: 7.5.1.10

Trust: 0.3

vendor: ibm, model: datapower gateway, scope: eq, version: 7.5.1.1

Trust: 0.3

vendor: ibm, model: datapower gateway, scope: eq, version: 7.5.1.0

Trust: 0.3

vendor: ibm, model: datapower gateway, scope: eq, version: 7.5.0.19

Trust: 0.3

vendor: ibm, model: datapower gateway, scope: eq, version: 7.5.0.18

Trust: 0.3

vendor: ibm, model: datapower gateway, scope: eq, version: 7.5.0.17

Trust: 0.3

vendor: ibm, model: datapower gateway, scope: eq, version: 7.5.0.11

Trust: 0.3

vendor: ibm, model: datapower gateway, scope: eq, version: 7.5.0.1

Trust: 0.3

vendor: ibm, model: datapower gateway, scope: eq, version: 7.5.0.0

Trust: 0.3

sources: BID: 107072 // JVNDB: JVNDB-2019-001251 // NVD: CVE-2018-1666

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-1666
value: MEDIUM

Trust: 1.0

psirt@us.ibm.com: CVE-2018-1666
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-1666
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201902-161
value: MEDIUM

Trust: 0.6

VULHUB: VHN-127041
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-1666
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-127041
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-1666
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-127041 // JVNDB: JVNDB-2019-001251 // CNNVD: CNNVD-201902-161 // NVD: CVE-2018-1666 // NVD: CVE-2018-1666

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-74

Trust: 0.9

sources: VULHUB: VHN-127041 // JVNDB: JVNDB-2019-001251 // NVD: CVE-2018-1666

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201902-161

TYPE

injection

Trust: 0.6

sources: CNNVD: CNNVD-201902-161

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-001251

PATCH

title: 0744205, url: https://www.ibm.com/support/docview.wss?uid=ibm10744205

Trust: 0.8

title: ibm-websphere-cve20181666-message-injection(144892), url: https://exchange.xforce.ibmcloud.com/vulnerabilities/144892

Trust: 0.8

title: Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89071

Trust: 0.6

sources: JVNDB: JVNDB-2019-001251 // CNNVD: CNNVD-201902-161

EXTERNAL IDS

db: NVD, id: CVE-2018-1666

Trust: 2.8

db: JVNDB, id: JVNDB-2019-001251

Trust: 0.8

db: CNNVD, id: CNNVD-201902-161

Trust: 0.7

db: AUSCERT, id: ESB-2019.0545

Trust: 0.6

db: BID, id: 107072

Trust: 0.3

db: VULHUB, id: VHN-127041

Trust: 0.1

sources: VULHUB: VHN-127041 // BID: 107072 // JVNDB: JVNDB-2019-001251 // CNNVD: CNNVD-201902-161 // NVD: CVE-2018-1666

REFERENCES

url:https://www.ibm.com/support/docview.wss?uid=ibm10744205

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/144892

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2018-1666

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1666

Trust: 0.8

url:http://www.ibm.com/support/docview.wss

Trust: 0.6

url:https://www.auscert.org.au/bulletins/75930

Trust: 0.6

url:http://www.ibm.com/support/docview.wss?uid=ibm10739241

Trust: 0.6

url:http://www.ibm.com

Trust: 0.3

url:https://www-01.ibm.com/support/docview.wss?uid=ibm10744205

Trust: 0.3

sources: VULHUB: VHN-127041 // BID: 107072 // JVNDB: JVNDB-2019-001251 // CNNVD: CNNVD-201902-161 // NVD: CVE-2018-1666

CREDITS

Srinivasarao Kotipalli & Jeremy Soh

Trust: 0.3

sources: BID: 107072

SOURCES

db: VULHUB, id: VHN-127041
db: BID, id: 107072
db: JVNDB, id: JVNDB-2019-001251
db: CNNVD, id: CNNVD-201902-161
db: NVD, id: CVE-2018-1666

LAST UPDATE DATE

2024-11-23T20:11:02.191000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-127041, date: 2020-08-24T00:00:00
db: BID, id: 107072, date: 2019-01-11T00:00:00
db: JVNDB, id: JVNDB-2019-001251, date: 2019-02-20T00:00:00
db: CNNVD, id: CNNVD-201902-161, date: 2020-08-25T00:00:00
db: NVD, id: CVE-2018-1666, date: 2024-11-21T04:00:10.127

SOURCES RELEASE DATE

db: VULHUB, id: VHN-127041, date: 2019-02-07T00:00:00
db: BID, id: 107072, date: 2019-01-11T00:00:00
db: JVNDB, id: JVNDB-2019-001251, date: 2019-02-20T00:00:00
db: CNNVD, id: CNNVD-201902-161, date: 2019-02-07T00:00:00
db: NVD, id: CVE-2018-1666, date: 2019-02-07T15:29:00.243