CVE-2018-1666

IBM DataPower Gateway 2018.4.1.0, 7.6.0.0 through 7.6.0.11, 7.5.2.0 through 7.5.2.18, 7.5.1.0 through 7.5.1.18, 7.5.0.0 through 7.5.0.19, and 7.7.0.0 through 7.7.1.3 could allow an authenticated user to inject arbitrary messages that would be displayed on the UI. IBM X-Force ID: 144892.

Published: Feb 7, 2019
Updated: Apr 13, 2023
CVE: CVE-2018-1666
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.3
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
ibm / datapower_gateway	7.7.0.0	7.7.1.3.x
ibm / datapower_gateway	7.5.2.0	7.5.2.18.x
ibm / datapower_gateway	7.5.1.0	7.5.1.18.x
ibm / datapower_gateway	7.5.0.0	7.5.0.19.x
ibm / datapower_gateway	7.6.0.0	7.6.0.11.x
ibm / datapower_gateway	2018.4.1.0	2018.4.1.0.x

https://exchange.xforce.ibmcloud.com/vulnerabilities/144892
https://www.ibm.com/support/docview.wss?uid=ibm10744205

Vulnerability Database

290,020

CVE-2018-1666