CVE-2018-1661: CSRF
First published: Thu Dec 20 2018(Updated: )
IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 144887.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM DataPower Gateway | >=7.5.0.0<=7.5.0.17 | |
| IBM DataPower Gateway | >=7.5.1.0<=7.5.1.16 | |
| IBM DataPower Gateway | >=7.5.2.0<=7.5.2.16 | |
| IBM DataPower Gateway | >=7.6.0.0<=7.6.0.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-1661?
CVE-2018-1661 is a vulnerability in IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, and 7.6 that allows for cross-site request forgery attacks.
What is the severity of CVE-2018-1661?
CVE-2018-1661 has a severity rating of 8.8 (high).
How does CVE-2018-1661 impact IBM DataPower Gateways?
CVE-2018-1661 allows attackers to execute malicious and unauthorized actions transmitted from a user that the website trusts.
Which versions of IBM DataPower Gateways are affected by CVE-2018-1661?
IBM DataPower Gateways versions 7.5, 7.5.1, 7.5.2, and 7.6 are affected by CVE-2018-1661.
How can I fix the vulnerability in IBM DataPower Gateways (CVE-2018-1661)?
To fix the vulnerability, update to a version that is not affected by CVE-2018-1661. Refer to IBM's documentation for specific version information.
- collector/nvd-index
- vendor/ibm
- canonical/ibm datapower gateway
- version/ibm datapower gateway/7.5.0.0
- version/ibm datapower gateway/7.5.0.17
- version/ibm datapower gateway/7.5.1.0
- version/ibm datapower gateway/7.5.1.16
- version/ibm datapower gateway/7.5.2.0
- version/ibm datapower gateway/7.5.2.16
- version/ibm datapower gateway/7.6.0.0
- version/ibm datapower gateway/7.6.0.9