| Vulnerability Name: | CVE-2018-1666 (CCN-144892) | ||||||||||||
| Assigned: | 2017-12-13 | ||||||||||||
| Published: | 2019-01-11 | ||||||||||||
| Updated: | 2020-08-24 | ||||||||||||
| Summary: | IBM DataPower Gateway 2018.4.1.0, 7.6.0.0 through 7.6.0.11, 7.5.2.0 through 7.5.2.18, 7.5.1.0 through 7.5.1.18, 7.5.0.0 through 7.5.0.19, and 7.7.0.0 through 7.7.1.3 could allow an authenticated user to inject arbitrary messages that would be displayed on the UI. IBM X-Force ID: 144892. | ||||||||||||
| CVSS v3 Severity: | 4.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) 3.8 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
3.8 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N)
| ||||||||||||
| Vulnerability Type: | CWE-noinfo | ||||||||||||
| Vulnerability Consequences: | Other | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2018-1666 Source: CCN Type: IBM Security Bulletin 739241 (MQ Appliance) IBM MQ Appliance is affected by a UI message injection vulnerability (CVE-2018-1666) Source: XF Type: UNKNOWN ibm-websphere-cve20181666-message-injection(144892) Source: XF Type: VDB Entry, Vendor Advisory ibm-websphere-cve20181666-message-injection(144892) Source: CCN Type: IBM Security Bulletin 744205 (DataPower Gateway) IBM DataPower Gateway is affected by a message injection vulnerability (CVE-2018-1666) Source: CONFIRM Type: Vendor Advisory https://www.ibm.com/support/docview.wss?uid=ibm10744205 | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||