CVE-2018-1669

CWE-611XML External Entity (XXE)3 documents3 sources
Severity
7.1HIGH
EPSS
0.4%
top 40.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
IBM Datapower GatewayIBM Datapower Gateway CDIBM Datapower Gateways
Timeline
PublishedSep 25
Latest updateMay 13

Description

IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 144950.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:LExploitability: 2.8 | Impact: 4.2

Affected Packages3 packages

NVDibm/datapower_gateway7.1.0.07.1.0.23+6
CVEListV5ibm/datapower_gateways12 versions+11
CVEListV5ibm/datapower_gateway_cd7.7.0.0, 7.7.1.2+1

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-427q-vv76-73ch: IBM DataPower Gateway 72022-05-13
CVEList
CVE-2018-1669: IBM DataPower Gateway 72018-09-25
CVE-2018-1669 (HIGH CVSS 7.1) | IBM DataPower Gateway 7.1.0.0 - 7.1 | cvebase.io