CVE-2018-1668

MEDIUM

IBM Datapower Gateway < 7.5.0.19 - Authentication Bypass

Title source: rule
STIX 2.1

Description

IBM DataPower Gateway 7.5.0.0 through 7.5.0.19, 7.5.1.0 through 7.5.1.18, 7.5.2.0 through 7.5.2.18, and 7.6.0.0 through 7.6.0.11 appliances allows "null" logins which could give read access to IPMI data to obtain sensitive information. IBM X-Force ID: 144894.

References (2)

Core 2
Core References
VDB Entry, Vendor Advisory vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/144894
Vendor Advisory x_refsource_confirm
https://www.ibm.com/support/docview.wss?uid=ibm10794735

Scores

CVSS v3 5.3
EPSS 0.0140
EPSS Percentile 69.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-287
Status published
Products (1)
ibm/datapower_gateway 7.5.0.0 - 7.5.0.19
Published Jan 29, 2019
Tracked Since Feb 18, 2026