Lucene search

[email protected]CVE-2018-1652

HistoryDec 11, 2018 - 4:29 p.m.

CVE-2018-1652

2018-12-1116:29:00

CWE-20

[email protected]

web.nvd.nist.gov

ibm

datapower

gateway

appliance

vulnerability

cve-2018-1652

nvd

x-force id

144724

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

6.2 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C

5.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

IBM DataPower Gateway 7.1.0.0 through 7.1.0.19, 7.2.0.0 through 7.2.0.16, 7.5.0.0 through 7.5.0.10, 7.5.1.0 through 7.5.1.9, 7.5.2.0 through 7.5.2.9, and 7.6.0.0 through 7.6.0.2 and IBM MQ Appliance 8.0.0.0 through 8.0.0.8 and 9.0.1 through 9.0.5 could allow a local user to cause a denial of service through unknown vectors. IBM X-Force ID: 144724.

Affected configurations

Vulners

NVD

Node

ibmdatapower_gatewayMatch7.1.0.0

ibmdatapower_gatewayMatch7.2.0.0

ibmdatapower_gatewayMatch7.5.0.0

ibmdatapower_gatewayMatch7.5.1.0

ibmdatapower_gatewayMatch7.6.0.0

ibmdatapower_gatewayMatch7.5.2.0

ibmdatapower_gatewayMatch7.6.0.2

ibmdatapower_gatewayMatch7.5.2.9

ibmdatapower_gatewayMatch7.5.1.9

ibmdatapower_gatewayMatch7.5.0.10

ibmdatapower_gatewayMatch7.2.0.16

ibmdatapower_gatewayMatch7.1.0.19

ibmmq_applianceMatch9.0.1

ibmmq_applianceMatch9.0.5

ibmmq_applianceMatch8.0.0.0

ibmmq_applianceMatch8.0.0.8

VendorProductVersionCPE
ibmdatapower_gateway7.1.0.0cpe:2.3:a:ibm:datapower_gateway:7.1.0.0:*:*:*:*:*:*:*
ibmdatapower_gateway7.2.0.0cpe:2.3:a:ibm:datapower_gateway:7.2.0.0:*:*:*:*:*:*:*
ibmdatapower_gateway7.5.0.0cpe:2.3:a:ibm:datapower_gateway:7.5.0.0:*:*:*:*:*:*:*
ibmdatapower_gateway7.5.1.0cpe:2.3:a:ibm:datapower_gateway:7.5.1.0:*:*:*:*:*:*:*
ibmdatapower_gateway7.6.0.0cpe:2.3:a:ibm:datapower_gateway:7.6.0.0:*:*:*:*:*:*:*
ibmdatapower_gateway7.5.2.0cpe:2.3:a:ibm:datapower_gateway:7.5.2.0:*:*:*:*:*:*:*
ibmdatapower_gateway7.6.0.2cpe:2.3:a:ibm:datapower_gateway:7.6.0.2:*:*:*:*:*:*:*
ibmdatapower_gateway7.5.2.9cpe:2.3:a:ibm:datapower_gateway:7.5.2.9:*:*:*:*:*:*:*
ibmdatapower_gateway7.5.1.9cpe:2.3:a:ibm:datapower_gateway:7.5.1.9:*:*:*:*:*:*:*
ibmdatapower_gateway7.5.0.10cpe:2.3:a:ibm:datapower_gateway:7.5.0.10:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	datapower_gateway	7.1.0.0	cpe:2.3:a:ibm:datapower_gateway:7.1.0.0:::::::*
ibm	datapower_gateway	7.2.0.0	cpe:2.3:a:ibm:datapower_gateway:7.2.0.0:::::::*
ibm	datapower_gateway	7.5.0.0	cpe:2.3:a:ibm:datapower_gateway:7.5.0.0:::::::*
ibm	datapower_gateway	7.5.1.0	cpe:2.3:a:ibm:datapower_gateway:7.5.1.0:::::::*
ibm	datapower_gateway	7.6.0.0	cpe:2.3:a:ibm:datapower_gateway:7.6.0.0:::::::*
ibm	datapower_gateway	7.5.2.0	cpe:2.3:a:ibm:datapower_gateway:7.5.2.0:::::::*
ibm	datapower_gateway	7.6.0.2	cpe:2.3:a:ibm:datapower_gateway:7.6.0.2:::::::*
ibm	datapower_gateway	7.5.2.9	cpe:2.3:a:ibm:datapower_gateway:7.5.2.9:::::::*
ibm	datapower_gateway	7.5.1.9	cpe:2.3:a:ibm:datapower_gateway:7.5.1.9:::::::*
ibm	datapower_gateway	7.5.0.10	cpe:2.3:a:ibm:datapower_gateway:7.5.0.10:::::::*

Rows per page:

1-10 of 161

CNA Affected

[
  {
    "product": "DataPower Gateways",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "7.1.0.0"
      },
      {
        "status": "affected",
        "version": "7.2.0.0"
      },
      {
        "status": "affected",
        "version": "7.5.0.0"
      },
      {
        "status": "affected",
        "version": "7.5.1.0"
      },
      {
        "status": "affected",
        "version": "7.6.0.0"
      },
      {
        "status": "affected",
        "version": "7.5.2.0"
      },
      {
        "status": "affected",
        "version": "7.6.0.2"
      },
      {
        "status": "affected",
        "version": "7.5.2.9"
      },
      {
        "status": "affected",
        "version": "7.5.1.9"
      },
      {
        "status": "affected",
        "version": "7.5.0.10"
      },
      {
        "status": "affected",
        "version": "7.2.0.16"
      },
      {
        "status": "affected",
        "version": "7.1.0.19"
      }
    ]
  },
  {
    "product": "MQ Appliance",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "9.0.1"
      },
      {
        "status": "affected",
        "version": "9.0.5"
      },
      {
        "status": "affected",
        "version": "8.0.0.0"
      },
      {
        "status": "affected",
        "version": "8.0.0.8"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/144724

www.ibm.com/support/docview.wss?uid=ibm10717483

www.ibm.com/support/docview.wss?uid=ibm10744557

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

6.2 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C

5.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2018-1652

ibm2 prion1 cvelist1 nvd1