IBM0D61159DBCC32EC0272A2A65051AD085697F89D91D88EDA090E6C2B05BDEEEEFSecurity Bulletin: IBM DataPower Gateway vulnerable to directory traversal issue
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
35.2%
Summary
IBM has addressed the CVE
Vulnerability Details
CVEID:CVE-2023-46177
**DESCRIPTION:**IBM MQ Appliance 9.3 LTS and 9.3 CD could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request to view arbitrary files on the system. IBM X-Force ID: 269536.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/269536 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM DataPower Gateway 10.5 CD | 10.5.1-10.5.2 |
| IBM DataPower Gateway 10.5.0 | 10.5.0.0-10.5.0.7 |
Remediation/Fixes
| Affected Product | Fixed in version | APAR |
|---|---|---|
| IBM DataPower Gateway 10.5 CD | 10.5.3 | IT45213 |
| IBM DataPower Gateway 10.5.0 | 10.5.0.8 | IT45213 |
Workarounds and Mitigations
None
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | datapower_gateway | 10.5.0 | cpe:2.3:a:ibm:datapower_gateway:10.5.0:*:*:*:*:*:*:* |
| ibm | datapower_gateway | 10.5 | cpe:2.3:a:ibm:datapower_gateway:10.5:*:*:*:*:*:*:* |
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
35.2%