CVE-2019-4621
First published: Thu Dec 05 2019(Updated: )
IBM DataPower Gateway 7.6.0.0-7 throug 6.0.14 and 2018.4.1.0 through 2018.4.1.5 have a default administrator account that is enabled if the IPMI LAN channel is enabled. A remote attacker could use this account to gain unauthorised access to the BMC. IBM X-Force ID: 168883.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM DataPower Gateway | >=7.6.0.0<=7.6.0.14 | |
| IBM DataPower Gateway | >=2018.4.1.0<=2018.4.1.5 | |
| IBM DataPower Gateway | <=2018.4.1.0-2018.4.1.5 | |
| IBM DataPower Gateway | <=7.6.0.0-7.6.0.14 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2019-4621.
What is the severity level of CVE-2019-4621?
The severity level of CVE-2019-4621 is critical.
Which products are affected by CVE-2019-4621?
IBM DataPower Gateway versions 7.6.0.0-7.6.0.14 and 2018.4.1.0-2018.4.1.5 are affected by CVE-2019-4621.
How can a remote attacker exploit this vulnerability?
A remote attacker can exploit this vulnerability by using the default administrator account to gain unauthorized access to the BMC.
Is there a fix or patch available for CVE-2019-4621?
Yes, IBM has provided a fix for CVE-2019-4621. Please refer to the IBM support page for more information.
- collector/nvd-index
- collector/ibm-support
- vendor/ibm
- canonical/ibm datapower gateway
- version/ibm datapower gateway/7.6.0.0
- version/ibm datapower gateway/7.6.0.14
- version/ibm datapower gateway/2018.4.1.0
- version/ibm datapower gateway/2018.4.1.5
- version/ibm datapower gateway/2018.4.1.0-2018.4.1.5
- version/ibm datapower gateway/7.6.0.0-7.6.0.14