CVE-2018-1668

IBM DataPower Gateway 7.5.0.0 through 7.5.0.19, 7.5.1.0 through 7.5.1.18, 7.5.2.0 through 7.5.2.18, and 7.6.0.0 through 7.6.0.11 appliances allows "null" logins which could give read access to IPMI data to obtain sensitive information. IBM X-Force ID: 144894.

Published: Jan 29, 2019
Updated: Apr 13, 2023
CVE: CVE-2018-1668
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
ibm / datapower_gateway	7.5.2.0	7.5.2.18.x
ibm / datapower_gateway	7.5.1.0	7.5.1.18.x
ibm / datapower_gateway	7.5.0.0	7.5.0.19.x
ibm / datapower_gateway	7.6.0.0	7.6.0.11.x

https://exchange.xforce.ibmcloud.com/vulnerabilities/144894
https://www.ibm.com/support/docview.wss?uid=ibm10794735

Vulnerability Database

290,020

CVE-2018-1668