| Vulnerability Name: | CVE-2018-1668 (CCN-144894) | ||||||||||||
| Assigned: | 2017-12-13 | ||||||||||||
| Published: | 2019-01-11 | ||||||||||||
| Updated: | 2020-08-24 | ||||||||||||
| Summary: | IBM DataPower Gateway 7.5.0.0 through 7.5.0.19, 7.5.1.0 through 7.5.1.18, 7.5.2.0 through 7.5.2.18, and 7.6.0.0 through 7.6.0.11 appliances allows "null" logins which could give read access to IPMI data to obtain sensitive information. IBM X-Force ID: 144894. | ||||||||||||
| CVSS v3 Severity: | 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) 6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
| ||||||||||||
| Vulnerability Type: | CWE-287 | ||||||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2018-1668 Source: CCN Type: IBM Security Bulletin 871908 (MQ Appliance) IBM MQ Appliance is affected by an unauthorized access vulnerability (CVE-2018-1668) Source: XF Type: UNKNOWN ibm-websphere-cve20181668-info-disc(144894) Source: XF Type: VDB Entry, Vendor Advisory ibm-websphere-cve20181668-info-disc(144894) Source: CCN Type: IBM Security Bulletin 794735 (DataPower Gateway) IBM DataPower Gateway appliances are affected by a vulnerability in IPMI (CVE-2018-1668) Source: CONFIRM Type: Vendor Advisory https://www.ibm.com/support/docview.wss?uid=ibm10794735 | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||