var-201812-0406
Vulnerability from variot
IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, 7.6, and 2018.4 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 144889. IBM DataPower Gateways Contains an information disclosure vulnerability. Vendors report this vulnerability IBM X-Force ID: 144889 Published as.Information may be obtained. Successful exploits will lead to other attacks. IBM DataPower Gateways is a set of security and integration platforms designed for mobile, cloud, application programming interface (API), network, service-oriented architecture (SOA), B2B and cloud workloads from IBM Corporation of the United States, which can utilize dedicated gateways The platform secures, integrates and optimizes access across channels. The following versions are affected: IBM DataPower Gateway Version 7.7.0.0 to Version 7.7.1.3 (CD), Version 7.6.0.0 to Version 7.6.0.9, Version 7.5.2.0 to Version 7.5.2.16, Version 7.5.1.0 to Version 7.5.1.16 , version 7.5.0.0 to version 7.5.0.17
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201812-0406", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "datapower gateway", "scope": "eq", "trust": 2.4, "vendor": "ibm", "version": "2018.4" }, { "model": "datapower gateway", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "7.5.2.16" }, { "model": "datapower gateway", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "7.7.0.0" }, { "model": "datapower gateway", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "7.5.1.16" }, { "model": "datapower gateway", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "7.5.2.0" }, { "model": "datapower gateway", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "7.7.1.3" }, { "model": "datapower gateway", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "7.6.0.9" }, { "model": "datapower gateway", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "7.5.0.17" }, { "model": "datapower gateway", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "7.6.0.0" }, { "model": "datapower gateway", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "7.5.1.0" }, { "model": "datapower gateway", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "7.5.0.0" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.9, "vendor": "ibm", "version": "7.7.1.3" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.9, "vendor": "ibm", "version": "7.7.0.0" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "7.5" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "7.5.1" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "7.5.2" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "7.6" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "7.7.1.2" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "7.7.1.0" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "7.7.1.1" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.6.0.6" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.6.0.5" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.6.0.1" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.6.0.0" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.2.9" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.2.8" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.2.2" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.2.13" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.2.12" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.2.1" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.2.0" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.1.9" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.1.8" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.1.4" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.1.3" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.1.2" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.1.13" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.1.12" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.1.1" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.1.0" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.9" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.5" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.4" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.3" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.2" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.14" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.13" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.10" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.1" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.0" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.6.0.9" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.2.16" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.2.0" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.1.16" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.1.1" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.1.0" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.2" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.17" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.1" } ], "sources": [ { "db": "BID", "id": "106199" }, { "db": "JVNDB", "id": "JVNDB-2018-012512" }, { "db": "CNNVD", "id": "CNNVD-201812-284" }, { "db": "NVD", "id": "CVE-2018-1663" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:ibm:datapower_gateway", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-012512" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM", "sources": [ { "db": "BID", "id": "106199" } ], "trust": 0.3 }, "cve": "CVE-2018-1663", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2018-1663", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-127008", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.2, "id": "CVE-2018-1663", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2018-1663", "trust": 1.0, "value": "MEDIUM" }, { "author": "psirt@us.ibm.com", "id": "CVE-2018-1663", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2018-1663", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201812-284", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-127008", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-127008" }, { "db": "JVNDB", "id": "JVNDB-2018-012512" }, { "db": "CNNVD", "id": "CNNVD-201812-284" }, { "db": "NVD", "id": "CVE-2018-1663" }, { "db": "NVD", "id": "CVE-2018-1663" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, 7.6, and 2018.4 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 144889. IBM DataPower Gateways Contains an information disclosure vulnerability. Vendors report this vulnerability IBM X-Force ID: 144889 Published as.Information may be obtained. Successful exploits will lead to other attacks. IBM DataPower Gateways is a set of security and integration platforms designed for mobile, cloud, application programming interface (API), network, service-oriented architecture (SOA), B2B and cloud workloads from IBM Corporation of the United States, which can utilize dedicated gateways The platform secures, integrates and optimizes access across channels. The following versions are affected: IBM DataPower Gateway Version 7.7.0.0 to Version 7.7.1.3 (CD), Version 7.6.0.0 to Version 7.6.0.9, Version 7.5.2.0 to Version 7.5.2.16, Version 7.5.1.0 to Version 7.5.1.16 , version 7.5.0.0 to version 7.5.0.17", "sources": [ { "db": "NVD", "id": "CVE-2018-1663" }, { "db": "JVNDB", "id": "JVNDB-2018-012512" }, { "db": "BID", "id": "106199" }, { "db": "VULHUB", "id": "VHN-127008" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-1663", "trust": 2.8 }, { "db": "BID", "id": "106199", "trust": 2.0 }, { "db": "JVNDB", "id": "JVNDB-2018-012512", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201812-284", "trust": 0.7 }, { "db": "VULHUB", "id": "VHN-127008", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-127008" }, { "db": "BID", "id": "106199" }, { "db": "JVNDB", "id": "JVNDB-2018-012512" }, { "db": "CNNVD", "id": "CNNVD-201812-284" }, { "db": "NVD", "id": "CVE-2018-1663" } ] }, "id": "VAR-201812-0406", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-127008" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T22:26:06.447000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "0740033", "trust": 0.8, "url": "https://www.ibm.com/support/docview.wss?uid=ibm10740033" }, { "title": "ibm-websphere-cve20181663-info-disc (144889)", "trust": 0.8, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144889" }, { "title": "IBM DataPower Gateways Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87551" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-012512" }, { "db": "CNNVD", "id": "CNNVD-201812-284" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-200", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-127008" }, { "db": "JVNDB", "id": "JVNDB-2018-012512" }, { "db": "NVD", "id": "CVE-2018-1663" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "http://www.securityfocus.com/bid/106199" }, { "trust": 1.7, "url": "https://www.ibm.com/support/docview.wss?uid=ibm10740033" }, { "trust": 1.7, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144889" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1663" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1663" }, { "trust": 0.3, "url": "http://www.ibm.com" }, { "trust": 0.3, "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10740033" } ], "sources": [ { "db": "VULHUB", "id": "VHN-127008" }, { "db": "BID", "id": "106199" }, { "db": "JVNDB", "id": "JVNDB-2018-012512" }, { "db": "CNNVD", "id": "CNNVD-201812-284" }, { "db": "NVD", "id": "CVE-2018-1663" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-127008" }, { "db": "BID", "id": "106199" }, { "db": "JVNDB", "id": "JVNDB-2018-012512" }, { "db": "CNNVD", "id": "CNNVD-201812-284" }, { "db": "NVD", "id": "CVE-2018-1663" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-12-07T00:00:00", "db": "VULHUB", "id": "VHN-127008" }, { "date": "2018-12-05T00:00:00", "db": "BID", "id": "106199" }, { "date": "2019-02-05T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-012512" }, { "date": "2018-12-07T00:00:00", "db": "CNNVD", "id": "CNNVD-201812-284" }, { "date": "2018-12-07T16:29:00.413000", "db": "NVD", "id": "CVE-2018-1663" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-10-09T00:00:00", "db": "VULHUB", "id": "VHN-127008" }, { "date": "2018-12-05T00:00:00", "db": "BID", "id": "106199" }, { "date": "2019-02-05T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-012512" }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201812-284" }, { "date": "2024-11-21T04:00:09.753000", "db": "NVD", "id": "CVE-2018-1663" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201812-284" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM DataPower Gateways Information Disclosure Vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-012512" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "information disclosure", "sources": [ { "db": "CNNVD", "id": "CNNVD-201812-284" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.