IBM DataPower Gateways CVE-2018-1421 XML External Entity Injection Vulnerability
BID:103741
Info
IBM DataPower Gateways CVE-2018-1421 XML External Entity Injection Vulnerability
| Bugtraq ID: | 103741 |
| Class: | Input Validation Error |
| CVE: |
CVE-2018-1421 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 27 2018 12:00AM |
| Updated: | Mar 27 2018 12:00AM |
| Credit: | Moshe Mizrahi |
| Vulnerable: |
IBM DataPower Gateways 7.6.0.5 IBM DataPower Gateways 7.6.0.1 IBM DataPower Gateways 7.6.0.0 IBM DataPower Gateways 7.5.2.9 IBM DataPower Gateways 7.5.2.8 IBM DataPower Gateways 7.5.2.2 IBM DataPower Gateways 7.5.2.12 IBM DataPower Gateways 7.5.2.1 IBM DataPower Gateways 7.5.2.0 IBM DataPower Gateways 7.5.1.9 IBM DataPower Gateways 7.5.1.8 IBM DataPower Gateways 7.5.1.4 IBM DataPower Gateways 7.5.1.3 IBM DataPower Gateways 7.5.1.2 IBM DataPower Gateways 7.5.1.12 IBM DataPower Gateways 7.5.1.1 IBM DataPower Gateways 7.5.1.0 IBM DataPower Gateways 7.5.0.9 IBM DataPower Gateways 7.5.0.5 IBM DataPower Gateways 7.5.0.4 IBM DataPower Gateways 7.5.0.3 IBM DataPower Gateways 7.5.0.2 IBM DataPower Gateways 7.5.0.13 IBM DataPower Gateways 7.5.0.10 IBM DataPower Gateways 7.5.0.1 IBM DataPower Gateways 7.5.0.0 IBM DataPower Gateways 7.2.0.9 IBM DataPower Gateways 7.2.0.8 IBM DataPower Gateways 7.2.0.6 IBM DataPower Gateways 7.2.0.5 IBM DataPower Gateways 7.2.0.4 IBM DataPower Gateways 7.2.0.3 IBM DataPower Gateways 7.2.0.2 IBM DataPower Gateways 7.2.0.18 IBM DataPower Gateways 7.2.0.16 IBM DataPower Gateways 7.2.0.15 IBM DataPower Gateways 7.2.0.11 IBM DataPower Gateways 7.2.0.10 IBM DataPower Gateways 7.2.0.1 IBM DataPower Gateways 7.2.0.0 IBM DataPower Gateways 7.1.0.9 IBM DataPower Gateways 7.1.0.8 IBM DataPower Gateways 7.1.0.7 IBM DataPower Gateways 7.1.0.6 IBM DataPower Gateways 7.1.0.5 IBM DataPower Gateways 7.1.0.19 IBM DataPower Gateways 7.1.0.18 IBM DataPower Gateways 7.1.0.14 IBM DataPower Gateways 7.1.0.13 IBM DataPower Gateways 7.1.0.12 IBM DataPower Gateways 7.1.0.11 IBM DataPower Gateways 7.1.0.10 IBM DataPower Gateways 7.1.0.0 |
| Not Vulnerable: |
IBM DataPower Gateways 7.6.0.6 IBM DataPower Gateways 7.5.2.13 IBM DataPower Gateways 7.5.1.13 IBM DataPower Gateways 7.5.0.14 IBM DataPower Gateways 7.2.0.19 IBM DataPower Gateways 7.1.0.22 |
Discussion
IBM DataPower Gateways CVE-2018-1421 XML External Entity Injection Vulnerability
IBM DataPower Gateways is prone to an XML External Entity injection vulnerability.
Attackers can exploit this issue to gain access to sensitive information or cause denial-of-service condition.
IBM DataPower Gateways 7.1.0.0 through 7.1.0.21, 7.2.0.0 through 7.2.0.18, 7.5.0.0 through 7.5.0.13, 7.5.1.0 through 7.5.1.12, 7.5.2.0 through 7.5.2.12 and 7.6.0.0 through 7.6.0.5 are vulnerable; other versions may also be affected.
IBM DataPower Gateways is prone to an XML External Entity injection vulnerability.
Attackers can exploit this issue to gain access to sensitive information or cause denial-of-service condition.
IBM DataPower Gateways 7.1.0.0 through 7.1.0.21, 7.2.0.0 through 7.2.0.18, 7.5.0.0 through 7.5.0.13, 7.5.1.0 through 7.5.1.12, 7.5.2.0 through 7.5.2.12 and 7.6.0.0 through 7.6.0.5 are vulnerable; other versions may also be affected.
Solution / Fix
IBM DataPower Gateways CVE-2018-1421 XML External Entity Injection Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
IBM DataPower Gateways CVE-2018-1421 XML External Entity Injection Vulnerability
References:
References: