CVE-2018-1664 — IBM Datapower Gateway vulnerability
4 documents4 sources
Severity
7.8HIGHNVD
CNA6.2
EPSS
0.0%
top 87.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedSep 25
Latest updateMay 13
Description
IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 echoing of AMP management interface authorization headers exposes login credentials in browser cache. IBM X-Force ID: 144890.
CVSS vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9