First published: Thu Feb 07 2019
IBM DataPower Gateway 2018.4.1.0, 7.6.0.0 through 7.6.0.11, 7.5.2.0 through 7.5.2.18, 7.5.1.0 through 7.5.1.18, 7.5.0.0 through 7.5.0.19, and 7.7.0.0 through 7.7.1.3 could allow an authenticated user to inject arbitrary messages that would be displayed on the UI. IBM X-Force ID: 144892.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM DataPower Gateway | >=7.5.0.0<=7.5.0.19 | |
IBM DataPower Gateway | >=7.5.1.0<=7.5.1.18 | |
IBM DataPower Gateway | >=7.5.2.0<=7.5.2.18 | |
IBM DataPower Gateway | >=7.6.0.0<=7.6.0.11 | |
IBM DataPower Gateway | >=7.7.0.0<=7.7.1.3 | |
IBM DataPower Gateway | =2018.4.1.0 | |
The severity of CVE-2018-1666 is medium with a severity value of 4.3.
IBM DataPower Gateway versions 2018.4.1.0, 7.6.0.0 through 7.6.0.11, 7.5.2.0 through 7.5.2.18, 7.5.1.0 through 7.5.1.18, 7.5.0.0 through 7.5.0.19, and 7.7.0.0 through 7.7.1.3 are affected by CVE-2018-1666.
CVE-2018-1666 allows an authenticated user to inject arbitrary messages that would be displayed on the UI of IBM DataPower Gateway.
More information about CVE-2018-1666 is available at the following links: [1] https://exchange.xforce.ibmcloud.com/vulnerabilities/144892, [2] https://www.ibm.com/support/docview.wss?uid=ibm10744205
To fix CVE-2018-1666, apply the patches or updates that IBM provides for the affected versions.