IBM DataPower Gateway has addressed CVE 2018-14348
CVEID:CVE-2018-14348
**DESCRIPTION:**libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/148451 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM DataPower Gateway | 2018.4.1.0-2018.4.1.8 |
IBM DataPower Gateway | 7.6.0.0-7.6.0.17 |
Affected Product | Fixed in version | APAR |
---|---|---|
IBM DataPower Gateway | 7.6.0.18 | IT30947 |
IBM DataPower Gateway | 2018.4.1.9 | IT30947 |
None