cvelistv5 - cve-2018-1669

CVE-2018-1669 (GCVE-0-2018-1669)

Vulnerability from cvelistv5 – Published: 2018-09-25 16:00 – Updated: 2024-09-16 22:21

Summary

Severity ?

7.1 (High)


                        
                          CVSS:3.0/A:L/AC:L/AV:N/C:H/I:N/PR:L/S:U/UI:N/E:U/RC:C/RL:O

CWE

Obtain Information

Assigner

ibm

References

URL

Tags

	https://www.ibm.com/support/docview.wss?uid=ibm10730489	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF

Impacted products

Vendor

Product

Version

IBM

DataPower Gateways

Affected: 7.1.0.0
Affected: 7.1.0.23
Affected: 7.2.0.0
Affected: 7.2.0.21
Affected: 7.5.0.0
Affected: 7.5.1.0
Affected: 7.6.0.0
Affected: 7.5.2.0
Affected: 7.5.0.16
Affected: 7.5.1.15
Affected: 7.6.0.8
Affected: 7.5.2.15

IBM

DataPower Gateway CD

Affected: 7.7.0.0
Affected: 7.7.1.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:07:44.152Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/docview.wss?uid=ibm10730489"
          },
          {
            "name": "ibm-websphere-cve20181669-info-disc(144950)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144950"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "DataPower Gateways",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.1.0.0"
            },
            {
              "status": "affected",
              "version": "7.1.0.23"
            },
            {
              "status": "affected",
              "version": "7.2.0.0"
            },
            {
              "status": "affected",
              "version": "7.2.0.21"
            },
            {
              "status": "affected",
              "version": "7.5.0.0"
            },
            {
              "status": "affected",
              "version": "7.5.1.0"
            },
            {
              "status": "affected",
              "version": "7.6.0.0"
            },
            {
              "status": "affected",
              "version": "7.5.2.0"
            },
            {
              "status": "affected",
              "version": "7.5.0.16"
            },
            {
              "status": "affected",
              "version": "7.5.1.15"
            },
            {
              "status": "affected",
              "version": "7.6.0.8"
            },
            {
              "status": "affected",
              "version": "7.5.2.15"
            }
          ]
        },
        {
          "product": "DataPower Gateway CD",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.7.0.0"
            },
            {
              "status": "affected",
              "version": "7.7.1.2"
            }
          ]
        }
      ],
      "datePublic": "2018-09-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 144950."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 6.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/A:L/AC:L/AV:N/C:H/I:N/PR:L/S:U/UI:N/E:U/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-09-25T15:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/docview.wss?uid=ibm10730489"
        },
        {
          "name": "ibm-websphere-cve20181669-info-disc(144950)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144950"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-09-20T00:00:00",
          "ID": "CVE-2018-1669",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "DataPower Gateways",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.1.0.0"
                          },
                          {
                            "version_value": "7.1.0.23"
                          },
                          {
                            "version_value": "7.2.0.0"
                          },
                          {
                            "version_value": "7.2.0.21"
                          },
                          {
                            "version_value": "7.5.0.0"
                          },
                          {
                            "version_value": "7.5.1.0"
                          },
                          {
                            "version_value": "7.6.0.0"
                          },
                          {
                            "version_value": "7.5.2.0"
                          },
                          {
                            "version_value": "7.5.0.16"
                          },
                          {
                            "version_value": "7.5.1.15"
                          },
                          {
                            "version_value": "7.6.0.8"
                          },
                          {
                            "version_value": "7.5.2.15"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "DataPower Gateway CD",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.7.0.0"
                          },
                          {
                            "version_value": "7.7.1.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 144950."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "L",
              "AC": "L",
              "AV": "N",
              "C": "H",
              "I": "N",
              "PR": "L",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/docview.wss?uid=ibm10730489",
              "refsource": "CONFIRM",
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10730489"
            },
            {
              "name": "ibm-websphere-cve20181669-info-disc(144950)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144950"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2018-1669",
    "datePublished": "2018-09-25T16:00:00Z",
    "dateReserved": "2017-12-13T00:00:00",
    "dateUpdated": "2024-09-16T22:21:18.055Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.1.0.0\", \"versionEndIncluding\": \"7.1.0.23\", \"matchCriteriaId\": \"69375372-AF42-4418-B158-1C77F189C98F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.2.0.0\", \"versionEndIncluding\": \"7.2.0.21\", \"matchCriteriaId\": \"0AC1AB57-FD0C-48E9-A7D0-187F4BC7BF4C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.5.0.0\", \"versionEndIncluding\": \"7.5.0.16\", \"matchCriteriaId\": \"311319B3-E639-4E8F-821D-D015ABBE5BDD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.5.1.0\", \"versionEndIncluding\": \"7.5.1.15\", \"matchCriteriaId\": \"42D9086E-01CA-45A6-997F-4FEF06129563\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.5.2.0\", \"versionEndIncluding\": \"7.5.2.15\", \"matchCriteriaId\": \"E1532496-EB5E-4DD6-B036-2CB51CCF34C2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.6.0.0\", \"versionEndIncluding\": \"7.6.0.8\", \"matchCriteriaId\": \"0082AC99-D241-4250-9DCF-4149EB06E489\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:continuous_delivery:*:*:*\", \"versionStartIncluding\": \"7.7.0.0\", \"versionEndIncluding\": \"7.7.1.2\", \"matchCriteriaId\": \"53430850-E693-48AB-9E79-75227711EF91\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 144950.\"}, {\"lang\": \"es\", \"value\": \"IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15 y 7.6.0.0 - 7.6.0.8, as\\u00ed como IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 son vulnerables a un ataque XEE (XML External Entity) al procesar datos XML. Un atacante remoto podr\\u00eda explotar esta vulnerabilidad para exponer informaci\\u00f3n sensible o consumir recursos de la memoria. IBM X-Force ID: 144950.\"}]",
      "id": "CVE-2018-1669",
      "lastModified": "2024-11-21T04:00:10.480",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"psirt@us.ibm.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L\", \"baseScore\": 7.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 4.2}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L\", \"baseScore\": 7.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 4.2}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:N/A:P\", \"baseScore\": 5.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-09-25T15:29:01.237",
      "references": "[{\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/144950\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"VDB Entry\"]}, {\"url\": \"https://www.ibm.com/support/docview.wss?uid=ibm10730489\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/144950\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"VDB Entry\"]}, {\"url\": \"https://www.ibm.com/support/docview.wss?uid=ibm10730489\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "psirt@us.ibm.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-611\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-1669\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2018-09-25T15:29:01.237\",\"lastModified\":\"2024-11-21T04:00:10.480\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 144950.\"},{\"lang\":\"es\",\"value\":\"IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15 y 7.6.0.0 - 7.6.0.8, as\u00ed como IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 son vulnerables a un ataque XEE (XML External Entity) al procesar datos XML. Un atacante remoto podr\u00eda explotar esta vulnerabilidad para exponer informaci\u00f3n sensible o consumir recursos de la memoria. IBM X-Force ID: 144950.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.8,\"impactScore\":4.2},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.8,\"impactScore\":4.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:N/A:P\",\"baseScore\":5.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-611\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.1.0.0\",\"versionEndIncluding\":\"7.1.0.23\",\"matchCriteriaId\":\"69375372-AF42-4418-B158-1C77F189C98F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.2.0.0\",\"versionEndIncluding\":\"7.2.0.21\",\"matchCriteriaId\":\"0AC1AB57-FD0C-48E9-A7D0-187F4BC7BF4C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.5.0.0\",\"versionEndIncluding\":\"7.5.0.16\",\"matchCriteriaId\":\"311319B3-E639-4E8F-821D-D015ABBE5BDD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.5.1.0\",\"versionEndIncluding\":\"7.5.1.15\",\"matchCriteriaId\":\"42D9086E-01CA-45A6-997F-4FEF06129563\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.5.2.0\",\"versionEndIncluding\":\"7.5.2.15\",\"matchCriteriaId\":\"E1532496-EB5E-4DD6-B036-2CB51CCF34C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.6.0.0\",\"versionEndIncluding\":\"7.6.0.8\",\"matchCriteriaId\":\"0082AC99-D241-4250-9DCF-4149EB06E489\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:continuous_delivery:*:*:*\",\"versionStartIncluding\":\"7.7.0.0\",\"versionEndIncluding\":\"7.7.1.2\",\"matchCriteriaId\":\"53430850-E693-48AB-9E79-75227711EF91\"}]}]}],\"references\":[{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/144950\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"VDB Entry\"]},{\"url\":\"https://www.ibm.com/support/docview.wss?uid=ibm10730489\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/144950\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"VDB Entry\"]},{\"url\":\"https://www.ibm.com/support/docview.wss?uid=ibm10730489\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}

GSD-2018-1669

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-1669

Aliases

CVE-2018-1669

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-1669",
    "description": "IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 144950.",
    "id": "GSD-2018-1669"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-1669"
      ],
      "details": "IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 144950.",
      "id": "GSD-2018-1669",
      "modified": "2023-12-13T01:22:37.058917Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@us.ibm.com",
        "DATE_PUBLIC": "2018-09-20T00:00:00",
        "ID": "CVE-2018-1669",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "DataPower Gateways",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "7.1.0.0"
                        },
                        {
                          "version_value": "7.1.0.23"
                        },
                        {
                          "version_value": "7.2.0.0"
                        },
                        {
                          "version_value": "7.2.0.21"
                        },
                        {
                          "version_value": "7.5.0.0"
                        },
                        {
                          "version_value": "7.5.1.0"
                        },
                        {
                          "version_value": "7.6.0.0"
                        },
                        {
                          "version_value": "7.5.2.0"
                        },
                        {
                          "version_value": "7.5.0.16"
                        },
                        {
                          "version_value": "7.5.1.15"
                        },
                        {
                          "version_value": "7.6.0.8"
                        },
                        {
                          "version_value": "7.5.2.15"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "DataPower Gateway CD",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "7.7.0.0"
                        },
                        {
                          "version_value": "7.7.1.2"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "IBM"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 144950."
          }
        ]
      },
      "impact": {
        "cvssv3": {
          "BM": {
            "A": "L",
            "AC": "L",
            "AV": "N",
            "C": "H",
            "I": "N",
            "PR": "L",
            "S": "U",
            "SCORE": "7.100",
            "UI": "N"
          },
          "TM": {
            "E": "U",
            "RC": "C",
            "RL": "O"
          }
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Obtain Information"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.ibm.com/support/docview.wss?uid=ibm10730489",
            "refsource": "CONFIRM",
            "url": "https://www.ibm.com/support/docview.wss?uid=ibm10730489"
          },
          {
            "name": "ibm-websphere-cve20181669-info-disc(144950)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144950"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.5.0.16",
                "versionStartIncluding": "7.5.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.1.0.23",
                "versionStartIncluding": "7.1.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:continuous_delivery:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.7.1.2",
                "versionStartIncluding": "7.7.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.6.0.8",
                "versionStartIncluding": "7.6.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.5.2.15",
                "versionStartIncluding": "7.5.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.5.1.15",
                "versionStartIncluding": "7.5.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.2.0.21",
                "versionStartIncluding": "7.2.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2018-1669"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 144950."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-611"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/docview.wss?uid=ibm10730489",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10730489"
            },
            {
              "name": "ibm-websphere-cve20181669-info-disc(144950)",
              "refsource": "XF",
              "tags": [
                "VDB Entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144950"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 4.2
        }
      },
      "lastModifiedDate": "2019-10-09T23:38Z",
      "publishedDate": "2018-09-25T15:29Z"
    }
  }
}

FKIE_CVE-2018-1669

Vulnerability from fkie_nvd - Published: 2018-09-25 15:29 - Updated: 2024-11-21 04:00

Severity ?

7.1 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
7.1 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

Summary

References

URL	Tags
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/144950	VDB Entry
psirt@us.ibm.com	https://www.ibm.com/support/docview.wss?uid=ibm10730489	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/144950	VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.ibm.com/support/docview.wss?uid=ibm10730489	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	datapower_gateway	*
ibm	datapower_gateway	*
ibm	datapower_gateway	*
ibm	datapower_gateway	*
ibm	datapower_gateway	*
ibm	datapower_gateway	*
ibm	datapower_gateway	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "69375372-AF42-4418-B158-1C77F189C98F",
              "versionEndIncluding": "7.1.0.23",
              "versionStartIncluding": "7.1.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AC1AB57-FD0C-48E9-A7D0-187F4BC7BF4C",
              "versionEndIncluding": "7.2.0.21",
              "versionStartIncluding": "7.2.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "311319B3-E639-4E8F-821D-D015ABBE5BDD",
              "versionEndIncluding": "7.5.0.16",
              "versionStartIncluding": "7.5.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "42D9086E-01CA-45A6-997F-4FEF06129563",
              "versionEndIncluding": "7.5.1.15",
              "versionStartIncluding": "7.5.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1532496-EB5E-4DD6-B036-2CB51CCF34C2",
              "versionEndIncluding": "7.5.2.15",
              "versionStartIncluding": "7.5.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0082AC99-D241-4250-9DCF-4149EB06E489",
              "versionEndIncluding": "7.6.0.8",
              "versionStartIncluding": "7.6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:continuous_delivery:*:*:*",
              "matchCriteriaId": "53430850-E693-48AB-9E79-75227711EF91",
              "versionEndIncluding": "7.7.1.2",
              "versionStartIncluding": "7.7.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 144950."
    },
    {
      "lang": "es",
      "value": "IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15 y 7.6.0.0 - 7.6.0.8, as\u00ed como IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 son vulnerables a un ataque XEE (XML External Entity) al procesar datos XML. Un atacante remoto podr\u00eda explotar esta vulnerabilidad para exponer informaci\u00f3n sensible o consumir recursos de la memoria. IBM X-Force ID: 144950."
    }
  ],
  "id": "CVE-2018-1669",
  "lastModified": "2024-11-21T04:00:10.480",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 4.2,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 4.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-09-25T15:29:01.237",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144950"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/docview.wss?uid=ibm10730489"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144950"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/docview.wss?uid=ibm10730489"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-611"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-427Q-VV76-73CH

Vulnerability from github – Published: 2022-05-13 01:32 – Updated: 2022-05-13 01:32

Details

Severity ?

7.1 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-1669"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-611"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-09-25T15:29:00Z",
    "severity": "HIGH"
  },
  "details": "IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 144950.",
  "id": "GHSA-427q-vv76-73ch",
  "modified": "2022-05-13T01:32:58Z",
  "published": "2022-05-13T01:32:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1669"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144950"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/docview.wss?uid=ibm10730489"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

CNVD-2018-20104

Vulnerability from cnvd - Published: 2018-09-28

Title

IBM DataPower Gateway XML外部实体注入漏洞

Description

IBM DataPower Gateways是美国IBM公司的一套专门为移动、云、应用编程接口（API）、网络、面向服务架构（SOA）、B2B和云工作负载而设计的安全和集成平台，它可利用专用网关平台跨渠道保护、集成和优化访问。 IBM DataPower Gateway中存在XML外部实体注入漏洞，远程攻击者可利用该漏洞获取敏感信息或消耗内存资源。

Severity

高

Patch Name

IBM DataPower Gateway XML外部实体注入漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www-01.ibm.com/support/docview.wss?uid=ibm10730489

Reference

https://www-01.ibm.com/support/docview.wss?uid=ibm10730489 https://exchange.xforce.ibmcloud.com/vulnerabilities/144950

Impacted products

Name
['IBM DataPower Gateways >=7.1.0.0，<=7.1.0.2', 'IBM DataPower Gateways >=7.2.0.0，<=7.2.0.21', 'IBM DataPower Gateways >=7.5.0.0，<=7.5.0.16', 'IBM DataPower Gateways >=7.5.1.0，<=7.5.1.15', 'IBM DataPower Gateways >=7.5.2.0，<=7.5.2.15', 'IBM DataPower Gateways >=7.6.0.0，<=7.6.0.8', 'IBM DataPower Gateway CD >=7.7.0.0，<=7.7.1.2']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-1669"
    }
  },
  "description": "IBM DataPower Gateways\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u5957\u4e13\u95e8\u4e3a\u79fb\u52a8\u3001\u4e91\u3001\u5e94\u7528\u7f16\u7a0b\u63a5\u53e3\uff08API\uff09\u3001\u7f51\u7edc\u3001\u9762\u5411\u670d\u52a1\u67b6\u6784\uff08SOA\uff09\u3001B2B\u548c\u4e91\u5de5\u4f5c\u8d1f\u8f7d\u800c\u8bbe\u8ba1\u7684\u5b89\u5168\u548c\u96c6\u6210\u5e73\u53f0\uff0c\u5b83\u53ef\u5229\u7528\u4e13\u7528\u7f51\u5173\u5e73\u53f0\u8de8\u6e20\u9053\u4fdd\u62a4\u3001\u96c6\u6210\u548c\u4f18\u5316\u8bbf\u95ee\u3002\r\n\r\nIBM DataPower Gateway\u4e2d\u5b58\u5728XML\u5916\u90e8\u5b9e\u4f53\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u6216\u6d88\u8017\u5185\u5b58\u8d44\u6e90\u3002",
  "discovererName": "Srinivasarao Kotipalli \u0026 Jeremy Soh",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www-01.ibm.com/support/docview.wss?uid=ibm10730489",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-20104",
  "openTime": "2018-09-28",
  "patchDescription": "IBM DataPower Gateways\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u5957\u4e13\u95e8\u4e3a\u79fb\u52a8\u3001\u4e91\u3001\u5e94\u7528\u7f16\u7a0b\u63a5\u53e3\uff08API\uff09\u3001\u7f51\u7edc\u3001\u9762\u5411\u670d\u52a1\u67b6\u6784\uff08SOA\uff09\u3001B2B\u548c\u4e91\u5de5\u4f5c\u8d1f\u8f7d\u800c\u8bbe\u8ba1\u7684\u5b89\u5168\u548c\u96c6\u6210\u5e73\u53f0\uff0c\u5b83\u53ef\u5229\u7528\u4e13\u7528\u7f51\u5173\u5e73\u53f0\u8de8\u6e20\u9053\u4fdd\u62a4\u3001\u96c6\u6210\u548c\u4f18\u5316\u8bbf\u95ee\u3002\r\n\r\nIBM DataPower Gateway\u4e2d\u5b58\u5728XML\u5916\u90e8\u5b9e\u4f53\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u6216\u6d88\u8017\u5185\u5b58\u8d44\u6e90\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "IBM DataPower Gateway XML\u5916\u90e8\u5b9e\u4f53\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "IBM DataPower Gateways \u003e=7.1.0.0\uff0c\u003c=7.1.0.2",
      "IBM DataPower Gateways \u003e=7.2.0.0\uff0c\u003c=7.2.0.21",
      "IBM DataPower Gateways \u003e=7.5.0.0\uff0c\u003c=7.5.0.16",
      "IBM DataPower Gateways \u003e=7.5.1.0\uff0c\u003c=7.5.1.15",
      "IBM DataPower Gateways \u003e=7.5.2.0\uff0c\u003c=7.5.2.15",
      "IBM DataPower Gateways \u003e=7.6.0.0\uff0c\u003c=7.6.0.8",
      "IBM DataPower Gateway CD \u003e=7.7.0.0\uff0c\u003c=7.7.1.2"
    ]
  },
  "referenceLink": "https://www-01.ibm.com/support/docview.wss?uid=ibm10730489\r\nhttps://exchange.xforce.ibmcloud.com/vulnerabilities/144950",
  "serverity": "\u9ad8",
  "submitTime": "2018-09-27",
  "title": "IBM DataPower Gateway XML\u5916\u90e8\u5b9e\u4f53\u6ce8\u5165\u6f0f\u6d1e"
}

VAR-201809-0549

Vulnerability from variot - Updated: 2023-12-18 13:48

IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 144950. Vendors have confirmed this vulnerability IBM X-Force ID: 144950 It is released as.Information is obtained and service operation is interrupted (DoS) There is a possibility of being put into a state. IBM DataPower Gateways is a set of security and integration platforms designed for mobile, cloud, application programming interface (API), network, service-oriented architecture (SOA), B2B and cloud workloads from IBM Corporation of the United States, which can utilize dedicated gateways The platform secures, integrates and optimizes access across channels. Version 2.0 to version 7.5.2.15, version 7.6.0.0 to version 7.6.0.8, IBM DataPower Gateway CD version 7.7.0.0 to version 7.7.1.2

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201809-0549",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "datapower gateway",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.5.2.0"
      },
      {
        "model": "datapower gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.5.1.15"
      },
      {
        "model": "datapower gateway",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.7.0.0"
      },
      {
        "model": "datapower gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.5.0.16"
      },
      {
        "model": "datapower gateway",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.6.0.0"
      },
      {
        "model": "datapower gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.2.0.21"
      },
      {
        "model": "datapower gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.5.2.15"
      },
      {
        "model": "datapower gateway",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.1.0.0"
      },
      {
        "model": "datapower gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.7.1.2"
      },
      {
        "model": "datapower gateway",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.5.1.0"
      },
      {
        "model": "datapower gateway",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.2.0.0"
      },
      {
        "model": "datapower gateway",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.5.0.0"
      },
      {
        "model": "datapower gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.1.0.23"
      },
      {
        "model": "datapower gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.6.0.8"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "ibm",
        "version": "7.2.0.0"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "7.1.0.0 to  7.1.0.23"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "7.2.0.0 to  7.2.0.21"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "7.5.0.0 to  7.5.0.16"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "7.5.1.0 to  7.5.1.15"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "7.5.2.0 to  7.5.2.15"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "7.6.0.0 to  7.6.0.8"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "cd 7.7.0.0 to  7.7.1.2"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "7.7.1.2"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "7.7.1.0"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "7.7.0.0"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "7.7.1.1"
      },
      {
        "model": "datapower gateway cd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.1.2"
      },
      {
        "model": "datapower gateway cd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.0.0"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.6.0.8"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.6.0.0"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.2.15"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.2.10"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.2.0"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.1.15"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.1.10"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.1.1"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.1.0"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.16"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.11"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.1"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.0"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.8"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.6"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.4"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.3"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.21"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.17"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.9"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.8"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.7"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.5"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.4"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.3"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.23"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.22"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.20"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.2"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.19"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.18"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.15"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.14"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.12"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.11"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.10"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "107853"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010240"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1669"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-1098"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.5.0.16",
                "versionStartIncluding": "7.5.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.1.0.23",
                "versionStartIncluding": "7.1.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:continuous_delivery:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.7.1.2",
                "versionStartIncluding": "7.7.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.6.0.8",
                "versionStartIncluding": "7.6.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.5.2.15",
                "versionStartIncluding": "7.5.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.5.1.15",
                "versionStartIncluding": "7.5.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.2.0.21",
                "versionStartIncluding": "7.2.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-1669"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Srinivasarao Kotipalli \u0026 Jeremy Soh",
    "sources": [
      {
        "db": "BID",
        "id": "107853"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-1669",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "impactScore": 4.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2018-1669",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "VHN-127074",
            "impactScore": 4.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "LOW",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 4.2,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "Low",
            "baseScore": 7.1,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2018-1669",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-1669",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "psirt@us.ibm.com",
            "id": "CVE-2018-1669",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201809-1098",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-127074",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-127074"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010240"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1669"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1669"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-1098"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 144950. Vendors have confirmed this vulnerability IBM X-Force ID: 144950 It is released as.Information is obtained and service operation is interrupted (DoS) There is a possibility of being put into a state. IBM DataPower Gateways is a set of security and integration platforms designed for mobile, cloud, application programming interface (API), network, service-oriented architecture (SOA), B2B and cloud workloads from IBM Corporation of the United States, which can utilize dedicated gateways The platform secures, integrates and optimizes access across channels. Version 2.0 to version 7.5.2.15, version 7.6.0.0 to version 7.6.0.8, IBM DataPower Gateway CD version 7.7.0.0 to version 7.7.1.2",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-1669"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010240"
      },
      {
        "db": "BID",
        "id": "107853"
      },
      {
        "db": "VULHUB",
        "id": "VHN-127074"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-1669",
        "trust": 2.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010240",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-1098",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "107853",
        "trust": 0.3
      },
      {
        "db": "VULHUB",
        "id": "VHN-127074",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-127074"
      },
      {
        "db": "BID",
        "id": "107853"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010240"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1669"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-1098"
      }
    ]
  },
  "id": "VAR-201809-0549",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-127074"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:48:10.005000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "0730489",
        "trust": 0.8,
        "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10730489"
      },
      {
        "title": "ibm-websphere-cve20181669-info-disc (144950)",
        "trust": 0.8,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144950"
      },
      {
        "title": "IBM DataPower Gateway Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=85153"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010240"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-1098"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-611",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-127074"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010240"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1669"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://www.ibm.com/support/docview.wss?uid=ibm10730489"
      },
      {
        "trust": 1.7,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144950"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1669"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1669"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/"
      },
      {
        "trust": 0.3,
        "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10730489"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-127074"
      },
      {
        "db": "BID",
        "id": "107853"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010240"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1669"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-1098"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-127074"
      },
      {
        "db": "BID",
        "id": "107853"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010240"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1669"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-1098"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-09-25T00:00:00",
        "db": "VULHUB",
        "id": "VHN-127074"
      },
      {
        "date": "2018-09-20T00:00:00",
        "db": "BID",
        "id": "107853"
      },
      {
        "date": "2018-12-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-010240"
      },
      {
        "date": "2018-09-25T15:29:01.237000",
        "db": "NVD",
        "id": "CVE-2018-1669"
      },
      {
        "date": "2018-09-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201809-1098"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-127074"
      },
      {
        "date": "2018-09-20T00:00:00",
        "db": "BID",
        "id": "107853"
      },
      {
        "date": "2018-12-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-010240"
      },
      {
        "date": "2019-10-09T23:38:51.243000",
        "db": "NVD",
        "id": "CVE-2018-1669"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201809-1098"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-1098"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM DataPower Gateway and  DataPower Gateway CD In  XML External entity vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010240"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-1098"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-1669 (GCVE-0-2018-1669)

GSD-2018-1669

FKIE_CVE-2018-1669

GHSA-427Q-VV76-73CH

CNVD-2018-20104

VAR-201809-0549

Tags

Sightings

Nomenclature