CVE-2018-1652: Improper Input Validation in IBM DataPower Gateway

Severity
5.5 MEDIUM (NVD)
CNA: 6.2 | CISA: 9.8
EPSS
0.0%
top 85.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Dec 11
Latest update: Feb 4

Description

IBM DataPower Gateway 7.1.0.0 through 7.1.0.19, 7.2.0.0 through 7.2.0.16, 7.5.0.0 through 7.5.0.10, 7.5.1.0 through 7.5.1.9, 7.5.2.0 through 7.5.2.9, and 7.6.0.0 through 7.6.0.2 and IBM MQ Appliance 8.0.0.0 through 8.0.0.8 and 9.0.1 through 9.0.5 could allow a local user to cause a denial of service through unknown vectors. IBM X-Force ID: 144724.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (4 packages)

NVD | ibm/datapower_gateway | 7.1.0.0 to 7.1.0.19 | +5
CVEListV5 | ibm/datapower_gateways | 12 versions | +11
NVD | ibm/mq_appliance | 8.0.0.0 to 8.0.0.8 | +1
CVEListV5 | ibm/mq_appliance | 4 versions | +3

Patches

🔴 Vulnerability Details

2
GHSA
GHSA-3rxq-7p39-5hg9: IBM DataPower Gateway 7 | 2022-05-13
CVEList
CVE-2018-1652: IBM DataPower Gateway 7 | 2018-12-11

💥 Exploits & PoCs

1
Exploit-DB
Cisco RV320 Dual Gigabit WAN VPN Router 1.4.2.15 - Command Injection | 2019-01-25

📋 Vendor Advisories

1
CISA
Paessler PRTG Network Monitor Local File Inclusion Vulnerability | 2025-02-04
CVE-2018-1652 — Improper Input Validation in IBM | cvebase