cvelistv5 - cve-2018-1665

CVE-2018-1665 (GCVE-0-2018-1665)

Vulnerability from cvelistv5 – Published: 2018-12-13 16:00 – Updated: 2024-09-17 03:02

Summary

Severity ?

5.9 (Medium)


                        
                          CVSS:3.0/A:N/AC:H/AV:N/C:H/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O

CWE

Obtain Information

Assigner

ibm

References

URL

Tags

	http://www.ibm.com/support/docview.wss?uid=ibm10744195	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF

Impacted products

	Vendor	Product	Version
	IBM	DataPower Gateway	Affected: 7.6.0.0 Affected: 7.6.0.10 Affected: 7.5.2.0 Affected: 7.5.2.17 Affected: 7.5.1.0 Affected: 7.5.1.17 Affected: 7.5.0.0 Affected: 7.7.0.0 Affected: 7.7.1.3 Affected: 7.5.0.18

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:07:43.951Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=ibm10744195"
          },
          {
            "name": "ibm-websphere-cve20181665-info-disc(144891)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144891"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "DataPower Gateway",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.6.0.0"
            },
            {
              "status": "affected",
              "version": "7.6.0.10"
            },
            {
              "status": "affected",
              "version": "7.5.2.0"
            },
            {
              "status": "affected",
              "version": "7.5.2.17"
            },
            {
              "status": "affected",
              "version": "7.5.1.0"
            },
            {
              "status": "affected",
              "version": "7.5.1.17"
            },
            {
              "status": "affected",
              "version": "7.5.0.0"
            },
            {
              "status": "affected",
              "version": "7.7.0.0"
            },
            {
              "status": "affected",
              "version": "7.7.1.3"
            },
            {
              "status": "affected",
              "version": "7.5.0.18"
            }
          ]
        }
      ],
      "datePublic": "2018-12-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM DataPower Gateway 7.6.0.0 through 7.6.0.10, 7.5.2.0 through 7.5.2.17, 7.5.1.0 through 7.5.1.17, 7.5.0.0 through 7.5.0.18, and 7.7.0.0 through 7.7.1.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 144891."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/A:N/AC:H/AV:N/C:H/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-12-13T15:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=ibm10744195"
        },
        {
          "name": "ibm-websphere-cve20181665-info-disc(144891)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144891"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-12-11T00:00:00",
          "ID": "CVE-2018-1665",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "DataPower Gateway",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.6.0.0"
                          },
                          {
                            "version_value": "7.6.0.10"
                          },
                          {
                            "version_value": "7.5.2.0"
                          },
                          {
                            "version_value": "7.5.2.17"
                          },
                          {
                            "version_value": "7.5.1.0"
                          },
                          {
                            "version_value": "7.5.1.17"
                          },
                          {
                            "version_value": "7.5.0.0"
                          },
                          {
                            "version_value": "7.7.0.0"
                          },
                          {
                            "version_value": "7.7.1.3"
                          },
                          {
                            "version_value": "7.5.0.18"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM DataPower Gateway 7.6.0.0 through 7.6.0.10, 7.5.2.0 through 7.5.2.17, 7.5.1.0 through 7.5.1.17, 7.5.0.0 through 7.5.0.18, and 7.7.0.0 through 7.7.1.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 144891."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "H",
              "AV": "N",
              "C": "H",
              "I": "N",
              "PR": "N",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=ibm10744195",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10744195"
            },
            {
              "name": "ibm-websphere-cve20181665-info-disc(144891)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144891"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2018-1665",
    "datePublished": "2018-12-13T16:00:00Z",
    "dateReserved": "2017-12-13T00:00:00",
    "dateUpdated": "2024-09-17T03:02:59.967Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.5.0.0\", \"versionEndIncluding\": \"7.5.0.18\", \"matchCriteriaId\": \"F7EE0AD1-91FF-426B-9255-EA5BDA15C740\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.5.1.0\", \"versionEndIncluding\": \"7.5.1.17\", \"matchCriteriaId\": \"55A2854C-5476-426F-806F-24473E874D62\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.5.2.0\", \"versionEndIncluding\": \"7.5.2.17\", \"matchCriteriaId\": \"641BCBEE-A960-4B40-9D87-9EEB4682B278\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.6.0.0\", \"versionEndIncluding\": \"7.6.0.10\", \"matchCriteriaId\": \"20A59E95-0821-406B-AD4A-63728DF10663\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.7.0.0\", \"versionEndIncluding\": \"7.7.1.3\", \"matchCriteriaId\": \"1B47A760-81C4-40D3-B82A-B688962F7645\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"IBM DataPower Gateway 7.6.0.0 through 7.6.0.10, 7.5.2.0 through 7.5.2.17, 7.5.1.0 through 7.5.1.17, 7.5.0.0 through 7.5.0.18, and 7.7.0.0 through 7.7.1.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 144891.\"}, {\"lang\": \"es\", \"value\": \"IBM DataPower Gateway, desde la versi\\u00f3n 7.6.0.0 hasta la 7.6.0.10, desde la versi\\u00f3n 7.5.2.0 hasta la 7.5.2.17, desde la versi\\u00f3n 7.5.1.0 hasta la 7.5.1.17, desde la versi\\u00f3n 7.5.0.0 hasta la 7.5.0.18 y desde la versi\\u00f3n 7.7.0.0 hasta la 7.7.1.3, emplea algoritmos criptogr\\u00e1ficos m\\u00e1s d\\u00e9biles de lo esperado que podr\\u00edan permitir que un atacante descifre informaci\\u00f3n altamente sensible. IBM X-Force ID: 144891.\"}]",
      "id": "CVE-2018-1665",
      "lastModified": "2024-11-21T04:00:09.993",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"psirt@us.ibm.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 5.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-12-13T16:29:00.553",
      "references": "[{\"url\": \"http://www.ibm.com/support/docview.wss?uid=ibm10744195\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/144891\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"VDB Entry\", \"Vendor Advisory\"]}, {\"url\": \"http://www.ibm.com/support/docview.wss?uid=ibm10744195\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/144891\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"VDB Entry\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "psirt@us.ibm.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-326\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-1665\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2018-12-13T16:29:00.553\",\"lastModified\":\"2024-11-21T04:00:09.993\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"IBM DataPower Gateway 7.6.0.0 through 7.6.0.10, 7.5.2.0 through 7.5.2.17, 7.5.1.0 through 7.5.1.17, 7.5.0.0 through 7.5.0.18, and 7.7.0.0 through 7.7.1.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 144891.\"},{\"lang\":\"es\",\"value\":\"IBM DataPower Gateway, desde la versi\u00f3n 7.6.0.0 hasta la 7.6.0.10, desde la versi\u00f3n 7.5.2.0 hasta la 7.5.2.17, desde la versi\u00f3n 7.5.1.0 hasta la 7.5.1.17, desde la versi\u00f3n 7.5.0.0 hasta la 7.5.0.18 y desde la versi\u00f3n 7.7.0.0 hasta la 7.7.1.3, emplea algoritmos criptogr\u00e1ficos m\u00e1s d\u00e9biles de lo esperado que podr\u00edan permitir que un atacante descifre informaci\u00f3n altamente sensible. IBM X-Force ID: 144891.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-326\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.5.0.0\",\"versionEndIncluding\":\"7.5.0.18\",\"matchCriteriaId\":\"F7EE0AD1-91FF-426B-9255-EA5BDA15C740\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.5.1.0\",\"versionEndIncluding\":\"7.5.1.17\",\"matchCriteriaId\":\"55A2854C-5476-426F-806F-24473E874D62\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.5.2.0\",\"versionEndIncluding\":\"7.5.2.17\",\"matchCriteriaId\":\"641BCBEE-A960-4B40-9D87-9EEB4682B278\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.6.0.0\",\"versionEndIncluding\":\"7.6.0.10\",\"matchCriteriaId\":\"20A59E95-0821-406B-AD4A-63728DF10663\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.7.0.0\",\"versionEndIncluding\":\"7.7.1.3\",\"matchCriteriaId\":\"1B47A760-81C4-40D3-B82A-B688962F7645\"}]}]}],\"references\":[{\"url\":\"http://www.ibm.com/support/docview.wss?uid=ibm10744195\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/144891\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"VDB Entry\",\"Vendor Advisory\"]},{\"url\":\"http://www.ibm.com/support/docview.wss?uid=ibm10744195\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/144891\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"VDB Entry\",\"Vendor Advisory\"]}]}}"
  }
}

VAR-201812-0416

Vulnerability from variot - Updated: 2023-12-18 13:23

IBM DataPower Gateway 7.6.0.0 through 7.6.0.10, 7.5.2.0 through 7.5.2.17, 7.5.1.0 through 7.5.1.17, 7.5.0.0 through 7.5.0.18, and 7.7.0.0 through 7.7.1.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 144891. IBM DataPower Gateway Contains a cryptographic strength vulnerability. Vendors have confirmed this vulnerability IBM X-Force ID: 144891 It is released as.Information may be obtained. IBM DataPower Gateways is prone to the following vulnerabilities: 1. A security weakness 2. A cross-site scripting vulnerability. An attacker may leverage these issues to obtain sensitive information or execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. IBM DataPower Gateways is a set of security and integration platforms designed for mobile, cloud, application programming interface (API), network, service-oriented architecture (SOA), B2B and cloud workloads from IBM Corporation of the United States, which can utilize dedicated gateways The platform secures, integrates and optimizes access across channels. 0.0 version to 7.7.1.3 version

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201812-0416",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "datapower gateway",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.5.2.0"
      },
      {
        "model": "datapower gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.5.2.17"
      },
      {
        "model": "datapower gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.5.1.17"
      },
      {
        "model": "datapower gateway",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.7.0.0"
      },
      {
        "model": "datapower gateway",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.6.0.0"
      },
      {
        "model": "datapower gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.7.1.3"
      },
      {
        "model": "datapower gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.6.0.10"
      },
      {
        "model": "datapower gateway",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.5.1.0"
      },
      {
        "model": "datapower gateway",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.5.0.0"
      },
      {
        "model": "datapower gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.5.0.18"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "ibm",
        "version": "7.7.1.3"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "ibm",
        "version": "7.7.0.0"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "7.5.0.0 to  7.5.0.18"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "7.5.1.0 to  7.5.1.17"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "7.5.2.0 to  7.5.2.17"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "7.6.0.0 to  7.6.0.10"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "7.7.0.0 to  7.7.1.3"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "7.7.1.2"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "7.7.1.0"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "7.7.1.1"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.1.1"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.0.9"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.0.8"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.0.7"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.0.6"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.0.4"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.0.2"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.6.0.8"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.6.0.6"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.6.0.5"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.6.0.1"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.6.0.0"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.2.9"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.2.8"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.2.2"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.2.15"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.2.13"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.2.12"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.2.1"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.2.0"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.1.9"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.1.8"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.1.4"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.1.3"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.1.2"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.1.15"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.1.14"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.1.13"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.1.12"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.1.1"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.9"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.5"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.4"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.3"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.2"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.16"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.15"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.14"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.13"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.10"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.1"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.0"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.6.0.9"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.6.0.3"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.6.0.10"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.2.17"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.2.16"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.2.10"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.1.17"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.1.16"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.1.10"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.1.0"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.18"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.17"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.11"
      },
      {
        "model": "datapower gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.6.0.11"
      },
      {
        "model": "datapower gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.2.18"
      },
      {
        "model": "datapower gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.1.18"
      },
      {
        "model": "datapower gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.19"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "106816"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013105"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1665"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-621"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.5.0.18",
                "versionStartIncluding": "7.5.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.5.1.17",
                "versionStartIncluding": "7.5.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.6.0.10",
                "versionStartIncluding": "7.6.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.5.2.17",
                "versionStartIncluding": "7.5.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.7.1.3",
                "versionStartIncluding": "7.7.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-1665"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Srinivasarao Kotipalli \u0026 Jeremy Soh.",
    "sources": [
      {
        "db": "BID",
        "id": "106816"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-1665",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2018-1665",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-127030",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "psirt@us.ibm.com",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2018-1665",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-1665",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "psirt@us.ibm.com",
            "id": "CVE-2018-1665",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201812-621",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-127030",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-127030"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013105"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1665"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1665"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-621"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM DataPower Gateway 7.6.0.0 through 7.6.0.10, 7.5.2.0 through 7.5.2.17, 7.5.1.0 through 7.5.1.17, 7.5.0.0 through 7.5.0.18, and 7.7.0.0 through 7.7.1.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 144891. IBM DataPower Gateway Contains a cryptographic strength vulnerability. Vendors have confirmed this vulnerability IBM X-Force ID: 144891 It is released as.Information may be obtained. IBM DataPower Gateways is prone to the following vulnerabilities:\n1. A security weakness\n2. A cross-site scripting vulnerability. \nAn attacker may leverage these issues to obtain sensitive information or execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. IBM DataPower Gateways is a set of security and integration platforms designed for mobile, cloud, application programming interface (API), network, service-oriented architecture (SOA), B2B and cloud workloads from IBM Corporation of the United States, which can utilize dedicated gateways The platform secures, integrates and optimizes access across channels. 0.0 version to 7.7.1.3 version",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-1665"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013105"
      },
      {
        "db": "BID",
        "id": "106816"
      },
      {
        "db": "VULHUB",
        "id": "VHN-127030"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-1665",
        "trust": 2.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013105",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-621",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "106816",
        "trust": 0.3
      },
      {
        "db": "VULHUB",
        "id": "VHN-127030",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-127030"
      },
      {
        "db": "BID",
        "id": "106816"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013105"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1665"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-621"
      }
    ]
  },
  "id": "VAR-201812-0416",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-127030"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:23:50.899000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "0744195",
        "trust": 0.8,
        "url": "http://www.ibm.com/support/docview.wss?uid=ibm10744195"
      },
      {
        "title": "ibm-websphere-cve20181665-info-disc (144891)",
        "trust": 0.8,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144891"
      },
      {
        "title": "IBM DataPower Gateways Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=87863"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013105"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-621"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-326",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-127030"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013105"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1665"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.ibm.com/support/docview.wss?uid=ibm10744195"
      },
      {
        "trust": 1.7,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144891"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1665"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1665"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/"
      },
      {
        "trust": 0.3,
        "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10744209"
      },
      {
        "trust": 0.3,
        "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10744195"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-127030"
      },
      {
        "db": "BID",
        "id": "106816"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013105"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1665"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-621"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-127030"
      },
      {
        "db": "BID",
        "id": "106816"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013105"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1665"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-621"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-12-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-127030"
      },
      {
        "date": "2018-12-11T00:00:00",
        "db": "BID",
        "id": "106816"
      },
      {
        "date": "2019-02-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-013105"
      },
      {
        "date": "2018-12-13T16:29:00.553000",
        "db": "NVD",
        "id": "CVE-2018-1665"
      },
      {
        "date": "2018-12-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201812-621"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-127030"
      },
      {
        "date": "2018-12-11T00:00:00",
        "db": "BID",
        "id": "106816"
      },
      {
        "date": "2019-02-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-013105"
      },
      {
        "date": "2019-10-09T23:38:50.650000",
        "db": "NVD",
        "id": "CVE-2018-1665"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201812-621"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-621"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM DataPower Gateway Vulnerabilities related to cryptographic strength",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013105"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "encryption problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-621"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2018-1665

Vulnerability from fkie_nvd - Published: 2018-12-13 16:29 - Updated: 2024-11-21 04:00

Severity ?

5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
psirt@us.ibm.com	http://www.ibm.com/support/docview.wss?uid=ibm10744195	Patch, Vendor Advisory
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/144891	VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=ibm10744195	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/144891	VDB Entry, Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	datapower_gateway	*
ibm	datapower_gateway	*
ibm	datapower_gateway	*
ibm	datapower_gateway	*
ibm	datapower_gateway	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7EE0AD1-91FF-426B-9255-EA5BDA15C740",
              "versionEndIncluding": "7.5.0.18",
              "versionStartIncluding": "7.5.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "55A2854C-5476-426F-806F-24473E874D62",
              "versionEndIncluding": "7.5.1.17",
              "versionStartIncluding": "7.5.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "641BCBEE-A960-4B40-9D87-9EEB4682B278",
              "versionEndIncluding": "7.5.2.17",
              "versionStartIncluding": "7.5.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "20A59E95-0821-406B-AD4A-63728DF10663",
              "versionEndIncluding": "7.6.0.10",
              "versionStartIncluding": "7.6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B47A760-81C4-40D3-B82A-B688962F7645",
              "versionEndIncluding": "7.7.1.3",
              "versionStartIncluding": "7.7.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM DataPower Gateway 7.6.0.0 through 7.6.0.10, 7.5.2.0 through 7.5.2.17, 7.5.1.0 through 7.5.1.17, 7.5.0.0 through 7.5.0.18, and 7.7.0.0 through 7.7.1.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 144891."
    },
    {
      "lang": "es",
      "value": "IBM DataPower Gateway, desde la versi\u00f3n 7.6.0.0 hasta la 7.6.0.10, desde la versi\u00f3n 7.5.2.0 hasta la 7.5.2.17, desde la versi\u00f3n 7.5.1.0 hasta la 7.5.1.17, desde la versi\u00f3n 7.5.0.0 hasta la 7.5.0.18 y desde la versi\u00f3n 7.7.0.0 hasta la 7.7.1.3, emplea algoritmos criptogr\u00e1ficos m\u00e1s d\u00e9biles de lo esperado que podr\u00edan permitir que un atacante descifre informaci\u00f3n altamente sensible. IBM X-Force ID: 144891."
    }
  ],
  "id": "CVE-2018-1665",
  "lastModified": "2024-11-21T04:00:09.993",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-12-13T16:29:00.553",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10744195"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144891"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10744195"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144891"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-326"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-6W64-P2VC-5PH5

Vulnerability from github – Published: 2022-05-13 01:32 – Updated: 2022-05-13 01:32

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-1665"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-12-13T16:29:00Z",
    "severity": "HIGH"
  },
  "details": "IBM DataPower Gateway 7.6.0.0 through 7.6.0.10, 7.5.2.0 through 7.5.2.17, 7.5.1.0 through 7.5.1.17, 7.5.0.0 through 7.5.0.18, and 7.7.0.0 through 7.7.1.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 144891.",
  "id": "GHSA-6w64-p2vc-5ph5",
  "modified": "2022-05-13T01:32:58Z",
  "published": "2022-05-13T01:32:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1665"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144891"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10744195"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2018-1665

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-1665

Aliases

CVE-2018-1665

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-1665",
    "description": "IBM DataPower Gateway 7.6.0.0 through 7.6.0.10, 7.5.2.0 through 7.5.2.17, 7.5.1.0 through 7.5.1.17, 7.5.0.0 through 7.5.0.18, and 7.7.0.0 through 7.7.1.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 144891.",
    "id": "GSD-2018-1665"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-1665"
      ],
      "details": "IBM DataPower Gateway 7.6.0.0 through 7.6.0.10, 7.5.2.0 through 7.5.2.17, 7.5.1.0 through 7.5.1.17, 7.5.0.0 through 7.5.0.18, and 7.7.0.0 through 7.7.1.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 144891.",
      "id": "GSD-2018-1665",
      "modified": "2023-12-13T01:22:37.703148Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@us.ibm.com",
        "DATE_PUBLIC": "2018-12-11T00:00:00",
        "ID": "CVE-2018-1665",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "DataPower Gateway",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "7.6.0.0"
                        },
                        {
                          "version_value": "7.6.0.10"
                        },
                        {
                          "version_value": "7.5.2.0"
                        },
                        {
                          "version_value": "7.5.2.17"
                        },
                        {
                          "version_value": "7.5.1.0"
                        },
                        {
                          "version_value": "7.5.1.17"
                        },
                        {
                          "version_value": "7.5.0.0"
                        },
                        {
                          "version_value": "7.7.0.0"
                        },
                        {
                          "version_value": "7.7.1.3"
                        },
                        {
                          "version_value": "7.5.0.18"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "IBM"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "IBM DataPower Gateway 7.6.0.0 through 7.6.0.10, 7.5.2.0 through 7.5.2.17, 7.5.1.0 through 7.5.1.17, 7.5.0.0 through 7.5.0.18, and 7.7.0.0 through 7.7.1.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 144891."
          }
        ]
      },
      "impact": {
        "cvssv3": {
          "BM": {
            "A": "N",
            "AC": "H",
            "AV": "N",
            "C": "H",
            "I": "N",
            "PR": "N",
            "S": "U",
            "SCORE": "5.900",
            "UI": "N"
          },
          "TM": {
            "E": "U",
            "RC": "C",
            "RL": "O"
          }
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Obtain Information"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.ibm.com/support/docview.wss?uid=ibm10744195",
            "refsource": "CONFIRM",
            "url": "http://www.ibm.com/support/docview.wss?uid=ibm10744195"
          },
          {
            "name": "ibm-websphere-cve20181665-info-disc(144891)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144891"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.5.0.18",
                "versionStartIncluding": "7.5.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.5.1.17",
                "versionStartIncluding": "7.5.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.6.0.10",
                "versionStartIncluding": "7.6.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.5.2.17",
                "versionStartIncluding": "7.5.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.7.1.3",
                "versionStartIncluding": "7.7.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2018-1665"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "IBM DataPower Gateway 7.6.0.0 through 7.6.0.10, 7.5.2.0 through 7.5.2.17, 7.5.1.0 through 7.5.1.17, 7.5.0.0 through 7.5.0.18, and 7.7.0.0 through 7.7.1.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 144891."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-326"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-websphere-cve20181665-info-disc(144891)",
              "refsource": "XF",
              "tags": [
                "VDB Entry",
                "Vendor Advisory"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144891"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=ibm10744195",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10744195"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2019-10-09T23:38Z",
      "publishedDate": "2018-12-13T16:29Z"
    }
  }
}

CNVD-2018-25272

Vulnerability from cnvd - Published: 2018-12-14

Title

IBM DataPower Gateways弱加密算法漏洞

Description

IBM DataPower Gateways是美国IBM公司的一套专门为移动、云、应用编程接口（API）、网络、面向服务架构（SOA）、B2B和云工作负载而设计的安全和集成平台，它可利用专用网关平台跨渠道保护、集成和优化访问。 IBM DataPower Gateways存在弱加密算法漏洞，攻击者可利用该漏洞解密高度敏感的信息。

Severity

中

Patch Name

IBM DataPower Gateway弱加密算法漏洞的补丁

Patch Description

IBM DataPower Gateways是美国IBM公司的一套专门为移动、云、应用编程接口（API）、网络、面向服务架构（SOA）、B2B和云工作负载而设计的安全和集成平台，它可利用专用网关平台跨渠道保护、集成和优化访问。 IBM DataPower Gateway存在弱加密算法漏洞，攻击者可利用该漏洞解密高度敏感的信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： http://www.ibm.com/support/docview.wss?uid=ibm10744195

Reference

https://www-01.ibm.com/support/docview.wss?uid=ibm10744195

Impacted products

Name
['IBM DataPower Gateway 7.6.0.10', 'IBM DataPower Gateways >=7.5.2.0，<=7.5.2.17', 'IBM DataPower Gateways >=7.5.1.0，<=7.5.1.17', 'IBM DataPower Gateways >=7.5.0.0，<=7.5.0.18', 'IBM DataPower Gateways >=7.7.0.0，<=7.7.1.3']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-1665"
    }
  },
  "description": "IBM DataPower Gateways\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u5957\u4e13\u95e8\u4e3a\u79fb\u52a8\u3001\u4e91\u3001\u5e94\u7528\u7f16\u7a0b\u63a5\u53e3\uff08API\uff09\u3001\u7f51\u7edc\u3001\u9762\u5411\u670d\u52a1\u67b6\u6784\uff08SOA\uff09\u3001B2B\u548c\u4e91\u5de5\u4f5c\u8d1f\u8f7d\u800c\u8bbe\u8ba1\u7684\u5b89\u5168\u548c\u96c6\u6210\u5e73\u53f0\uff0c\u5b83\u53ef\u5229\u7528\u4e13\u7528\u7f51\u5173\u5e73\u53f0\u8de8\u6e20\u9053\u4fdd\u62a4\u3001\u96c6\u6210\u548c\u4f18\u5316\u8bbf\u95ee\u3002\n\nIBM DataPower Gateways\u5b58\u5728\u5f31\u52a0\u5bc6\u7b97\u6cd5\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u89e3\u5bc6\u9ad8\u5ea6\u654f\u611f\u7684\u4fe1\u606f\u3002",
  "discovererName": "Srinivasarao Kotipalli \u0026 Jeremy Soh",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttp://www.ibm.com/support/docview.wss?uid=ibm10744195",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-25272",
  "openTime": "2018-12-14",
  "patchDescription": "IBM DataPower Gateways\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u5957\u4e13\u95e8\u4e3a\u79fb\u52a8\u3001\u4e91\u3001\u5e94\u7528\u7f16\u7a0b\u63a5\u53e3\uff08API\uff09\u3001\u7f51\u7edc\u3001\u9762\u5411\u670d\u52a1\u67b6\u6784\uff08SOA\uff09\u3001B2B\u548c\u4e91\u5de5\u4f5c\u8d1f\u8f7d\u800c\u8bbe\u8ba1\u7684\u5b89\u5168\u548c\u96c6\u6210\u5e73\u53f0\uff0c\u5b83\u53ef\u5229\u7528\u4e13\u7528\u7f51\u5173\u5e73\u53f0\u8de8\u6e20\u9053\u4fdd\u62a4\u3001\u96c6\u6210\u548c\u4f18\u5316\u8bbf\u95ee\u3002\r\n\r\nIBM DataPower Gateway\u5b58\u5728\u5f31\u52a0\u5bc6\u7b97\u6cd5\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u89e3\u5bc6\u9ad8\u5ea6\u654f\u611f\u7684\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "IBM DataPower Gateway\u5f31\u52a0\u5bc6\u7b97\u6cd5\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "IBM DataPower Gateway 7.6.0.10",
      "IBM DataPower Gateways \u003e=7.5.2.0\uff0c\u003c=7.5.2.17",
      "IBM DataPower Gateways \u003e=7.5.1.0\uff0c\u003c=7.5.1.17",
      "IBM DataPower Gateways \u003e=7.5.0.0\uff0c\u003c=7.5.0.18",
      "IBM DataPower Gateways \u003e=7.7.0.0\uff0c\u003c=7.7.1.3"
    ]
  },
  "referenceLink": "https://www-01.ibm.com/support/docview.wss?uid=ibm10744195",
  "serverity": "\u4e2d",
  "submitTime": "2018-12-14",
  "title": "IBM DataPower Gateways\u5f31\u52a0\u5bc6\u7b97\u6cd5\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-1665 (GCVE-0-2018-1665)

VAR-201812-0416

FKIE_CVE-2018-1665

GHSA-6W64-P2VC-5PH5

GSD-2018-1665

CNVD-2018-25272

Tags

Sightings

Nomenclature