CVE-2018-1421
published 2018-04-04CVE-2018-1421: IBM WebSphere DataPower Appliances 7.1, 7.2, 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data…
high7.1CVSS 3.0
AVNACLPRLUINSUCHINAL
IBM WebSphere DataPower Appliances 7.1, 7.2, 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 139023.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | datapower_gateway | 7.1.0.0 – 7.1.0.21 | — |
| ibm | datapower_gateway | 7.2.0.0 – 7.2.0.18 | — |
| ibm | datapower_gateway | 7.5.0.0 – 7.5.0.13 | — |
| ibm | datapower_gateway | 7.5.1.0 – 7.5.1.12 | — |
| ibm | datapower_gateway | 7.5.2.0 – 7.5.2.12 | — |
| ibm | datapower_gateway | 7.6.0.0 – 7.6.0.5 | — |
| ibm | datapower_gateways | — | — |
| ibm | datapower_gateways | — | — |
| ibm | datapower_gateways | — | — |
| ibm | datapower_gateways | — | — |
| ibm | datapower_gateways | — | — |
| ibm | datapower_gateways | — | — |