CVE-2018-1677Improper Handling of Exceptional Conditions in IBM Datapower Gateway

CWE-755Improper Handling of Exceptional Conditions4 documents4 sources
Severity
5.5MEDIUMNVD
CNA5.1
EPSS
0.0%
top 85.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Datapower GatewayIBM Datapower Gateways
Timeline
PublishedDec 20
Latest updateMay 13

Description

IBM DataPower Gateways 7.1, 7.2, 7.5, 7.5.1, 7.5.2, 7.6, and 7.7 and IBM MQ Appliance are vulnerable to a denial of service, caused by the improper handling of full file system. A local attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 145171.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5ibm/datapower_gateways7 versions+6
NVDibm/datapower_gateway7.1.0.07.1.0.22+6

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-jh56-4939-fm7p: IBM DataPower Gateways 72022-05-13
CVEList
CVE-2018-1677: IBM DataPower Gateways 72018-12-20

💥Exploits & PoCs

1
Exploit-DB
TV - Video Subscription - Authentication Bypass SQL Injection2018-02-16
CVE-2018-1677 — IBM Datapower Gateway vulnerability | cvebase