CVSS3: 7.5 High

Metric | Value
---|---
Attack Vector | NETWORK
Attack Complexity | LOW
Privileges Required | NONE
User Interaction | NONE
Scope | UNCHANGED
Confidentiality Impact | NONE
Integrity Impact | NONE
Availability Impact | HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS2: 5 Medium

Metric | Value
---|---
Access Vector | NETWORK
Access Complexity | LOW
Authentication | NONE
Confidentiality Impact | NONE
Integrity Impact | NONE
Availability Impact | PARTIAL

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
IBM DataPower Gateways has addressed a vulnerability in the ISAM Access Manager Client component that could cause a denial of service.
CVEID: CVE-2016-3706
DESCRIPTION: GNU C Library (glibc or libc6) is vulnerable to a denial of service, caused by a stack-based buffer overflow in the getaddrinfo function within sysdeps/posix/getaddrinfo.c. A remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/114123 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
IBM DataPower Gateways appliances versions 7.1.0.0-7.1.0.15, 7.2.0.0-7.2.0.12, 7.5.0.0-7.5.0.6, 7.5.1.0-7.5.1.5, 7.5.2.0-7.5.2.4
Product | VRMF | APAR | Remediation/First Fix
---|---|---|---
IBM DataPower Gateway | 7.1.0.0-7.1.0.15 | IT20143 | Apply firmware 7.1.0.16
IBM DataPower Gateway | 7.2.0.0-7.2.0.12 | IT20143 | Apply firmware 7.2.0.13
IBM DataPower Gateway | 7.5.0.0-7.5.0.6 | IT20143 | Apply firmware 7.5.0.7
IBM DataPower Gateway | 7.5.1.0-7.5.1.5 | IT20143 | Apply firmware 7.5.1.6
IBM DataPower Gateway | 7.5.2.0-7.5.2.4 | IT20143 | Apply firmware 7.5.2.5
Refer to APAR IT20143 for URLs to download the fix.
You should verify applying this fix does not cause any compatibility issues.
For DataPower customers using versions 6.x and earlier versions, IBM recommends upgrading to a fixed, supported version/release/platform of the product.
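An inventory check built from the remediation table above. This is an added example, not IBM's tooling; it assumes firmware levels are available as plain `V.R.M.F` strings, and the appliance names in the sample inventory are constructed.

```python
import re

# Affected ranges and first-fixed levels copied from the bulletin's table
# (APAR IT20143). Key: V.R.M branch -> (last affected fix level, fixed firmware).
AFFECTED = {
    (7, 1, 0): (15, "7.1.0.16"),
    (7, 2, 0): (12, "7.2.0.13"),
    (7, 5, 0): (6, "7.5.0.7"),
    (7, 5, 1): (5, "7.5.1.6"),
    (7, 5, 2): (4, "7.5.2.5"),
}
VRMF = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", re.ASCII)

def parse_vrmf(version):
    """Parse a plain 'V.R.M.F' string (assumed input format) into four ints."""
    match = VRMF.fullmatch(version.strip())
    if match is None:
        raise ValueError(f"not a V.R.M.F version: {version!r}")
    return tuple(int(part) for part in match.groups())

def triage(version):
    """Return (status, action) for one firmware version."""
    v, r, m, f = parse_vrmf(version)
    if v <= 6:
        # The bulletin gives no fix for 6.x and earlier, only an upgrade path.
        return ("upgrade-recommended", "upgrade to a fixed, supported release")
    entry = AFFECTED.get((v, r, m))
    if entry is None:
        return ("not-listed", "branch is not covered by this bulletin")
    last_affected, fixed = entry
    if f <= last_affected:
        return ("affected", f"apply firmware {fixed}")
    return ("fixed", "no action for this bulletin")

def triage_inventory(inventory):
    """Map each appliance name to its triage result."""
    return {name: triage(version) for name, version in inventory.items()}

# Constructed sample inventory (hypothetical appliance names).
SAMPLE_INVENTORY = {
    "dp-edge-01": "7.5.2.4",
    "dp-edge-02": "7.5.2.5",
    "dp-core-01": "7.2.0.3",
    "dp-lab-01": "6.0.1.12",
}

if __name__ == "__main__":
    for name, (status, action) in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{name}: {status} ({action})")
```

A `not-listed` result means only that the branch is absent from this bulletin's table, not that it has been assessed as unaffected.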
None
CPE

Name | Operator | Version
---|---|---
ibm datapower gateway | eq | 7.5.2
ibm datapower gateway | eq | 7.5.1
ibm datapower gateway | eq | 7.5
ibm datapower gateway | eq | 7.2
ibm datapower gateway | eq | 7.1