CVE-2018-1667

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
5.4MEDIUM
EPSS
0.1%
top 70.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Datapower GatewayIBM Datapower Gateways
Timeline
PublishedDec 13
Latest updateMay 13

Description

IBM DataPower Gateway 7.6.0.0 through 7.6.0.10, 7.5.2.0 through 7.5.2.17, 7.5.1.0 through 7.5.1.17, 7.5.0.0 through 7.5.0.18, and 7.7.0.0 through 7.7.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 144893.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

NVDibm/datapower_gateway7.5.0.07.5.0.18+4
CVEListV5ibm/datapower_gateways10 versions+9

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-qrw3-vj73-mp6v: IBM DataPower Gateway 72022-05-13
CVEList
CVE-2018-1667: IBM DataPower Gateway 72018-12-13
CVE-2018-1667 (MEDIUM CVSS 5.4) | IBM DataPower Gateway 7.6.0.0 throu | cvebase.io