CVE-2018-1668: Improper Authentication in IBM DataPower Gateway

Severity: 7.5 HIGH (NVD), 5.3 (CNA)
EPSS: 0.2% (top 63.88%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jan 29
Latest update: May 13

Description

IBM DataPower Gateway 7.5.0.0 through 7.5.0.19, 7.5.1.0 through 7.5.1.18, 7.5.2.0 through 7.5.2.18, and 7.6.0.0 through 7.6.0.11 appliances allow "null" logins, which could give read access to IPMI data and disclose sensitive information. IBM X-Force ID: 144894.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

NVD: ibm/datapower_gateway, 7.5.0.0 to 7.5.0.19 (+3)
CVEListV5: ibm/datapower_gateway, 8 versions (+7)

🔴 Vulnerability Details (2)

GHSA: GHSA-vvq4-j9gg-65qg: IBM DataPower Gateway 7 (2022-05-13)
CVEList: CVE-2018-1668: IBM DataPower Gateway 7 (2019-01-29)

💥 Exploits & PoCs (1)

Exploit-DB: OPAC EasyWeb Five 5.7 - 'biblio' SQL Injection (2018-10-02)