IBM DataPower Gateway CVE-2018-1666 Security Bypass Vulnerability
BID:107072
Info
IBM DataPower Gateway CVE-2018-1666 Security Bypass Vulnerability
| Bugtraq ID: | 107072 |
| Class: | Input Validation Error |
| CVE: |
CVE-2018-1666 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 11 2019 12:00AM |
| Updated: | Jan 11 2019 12:00AM |
| Credit: | Srinivasarao Kotipalli & Jeremy Soh |
| Vulnerable: |
IBM DataPower Gateway 7.7.1.3 IBM DataPower Gateway 7.7.0.0 IBM DataPower Gateway 7.6.0.9 IBM DataPower Gateway 7.6.0.3 IBM DataPower Gateway 7.6.0.12 IBM DataPower Gateway 7.6.0.11 IBM DataPower Gateway 7.6.0.10 IBM DataPower Gateway 7.6.0.0 IBM DataPower Gateway 7.5.2.18 IBM DataPower Gateway 7.5.2.17 IBM DataPower Gateway 7.5.2.16 IBM DataPower Gateway 7.5.2.10 IBM DataPower Gateway 7.5.2.0 IBM DataPower Gateway 7.5.1.18 IBM DataPower Gateway 7.5.1.17 IBM DataPower Gateway 7.5.1.16 IBM DataPower Gateway 7.5.1.10 IBM DataPower Gateway 7.5.1.1 IBM DataPower Gateway 7.5.1.0 IBM DataPower Gateway 7.5.0.19 IBM DataPower Gateway 7.5.0.18 IBM DataPower Gateway 7.5.0.17 IBM DataPower Gateway 7.5.0.11 IBM DataPower Gateway 7.5.0.1 IBM DataPower Gateway 7.5.0.0 IBM DataPower Gateway 2018.4.1.0 |
| Not Vulnerable: | |
Discussion
IBM DataPower Gateway CVE-2018-1666 Security Bypass Vulnerability
IBM DataPower Gateway is prone to a security-bypass vulnerability.
Attackers can exploit this issue to bypass security restrictions to perform unauthorized actions; this may aid in launching further attacks.
The following products are affected:
IBM DataPower Gateway 2018.4.1.0
IBM DataPower Gateway 7.6.0.0 through 7.6.0.11
IBM DataPower Gateway 7.5.2.0 through 7.5.2.18
IBM DataPower Gateway 7.5.1.0 through 7.5.1.18
IBM DataPower Gateway 7.5.0.0 through 7.5.0.19
IBM DataPower Gateway 7.7.0.0 through 7.7.1.3
IBM DataPower Gateway is prone to a security-bypass vulnerability.
Attackers can exploit this issue to bypass security restrictions to perform unauthorized actions; this may aid in launching further attacks.
The following products are affected:
IBM DataPower Gateway 2018.4.1.0
IBM DataPower Gateway 7.6.0.0 through 7.6.0.11
IBM DataPower Gateway 7.5.2.0 through 7.5.2.18
IBM DataPower Gateway 7.5.1.0 through 7.5.1.18
IBM DataPower Gateway 7.5.0.0 through 7.5.0.19
IBM DataPower Gateway 7.7.0.0 through 7.7.1.3
Exploit / POC
IBM DataPower Gateway CVE-2018-1666 Security Bypass Vulnerability
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: http://.
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: http://.
Solution / Fix
IBM DataPower Gateway CVE-2018-1666 Security Bypass Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
IBM DataPower Gateway CVE-2018-1666 Security Bypass Vulnerability
References:
References: