IBM DataPower Gateway 7.5.0.18

CPE Details

IBM DataPower Gateway 7.5.0.18
ibm
datapower_gateway
7.5.0.18
2019-09-19
12h30 +00:00
2019-09-19
12h30 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:ibm:datapower_gateway:7.5.0.18:*:*:*:*:*:*:*

Informations

Vendor

ibm

Product

datapower_gateway

Version

7.5.0.18

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2018-1666 2019-02-07 16h00 +00:00 IBM DataPower Gateway 2018.4.1.0, 7.6.0.0 through 7.6.0.11, 7.5.2.0 through 7.5.2.18, 7.5.1.0 through 7.5.1.18, 7.5.0.0 through 7.5.0.19, and 7.7.0.0 through 7.7.1.3 could allow an authenticated user to inject arbitrary messages that would be displayed on the UI. IBM X-Force ID: 144892.
4.3
Moyen
CVE-2018-1668 2019-01-29 16h00 +00:00 IBM DataPower Gateway 7.5.0.0 through 7.5.0.19, 7.5.1.0 through 7.5.1.18, 7.5.2.0 through 7.5.2.18, and 7.6.0.0 through 7.6.0.11 appliances allows "null" logins which could give read access to IPMI data to obtain sensitive information. IBM X-Force ID: 144894.
7.5
Haute
CVE-2018-1665 2018-12-13 16h00 +00:00 IBM DataPower Gateway 7.6.0.0 through 7.6.0.10, 7.5.2.0 through 7.5.2.17, 7.5.1.0 through 7.5.1.17, 7.5.0.0 through 7.5.0.18, and 7.7.0.0 through 7.7.1.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 144891.
7.5
Haute
CVE-2018-1667 2018-12-13 16h00 +00:00 IBM DataPower Gateway 7.6.0.0 through 7.6.0.10, 7.5.2.0 through 7.5.2.17, 7.5.1.0 through 7.5.1.17, 7.5.0.0 through 7.5.0.18, and 7.7.0.0 through 7.7.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 144893.
5.4
Moyen