CVE-2018-1661

Published: Dec 20, 2018Modified: Nov 21, 2024

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 144887.

Affected (4)

Products: Ibm: Datapower Gateway

1 product

Datapower Gateway

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Ibm Datapower Gateway	From 7.5.0.0 to 7.5.0.17
Ibm Datapower Gateway	From 7.5.1.0 to 7.5.1.16
Ibm Datapower Gateway	From 7.5.2.0 to 7.5.2.16
Ibm Datapower Gateway	From 7.6.0.0 to 7.6.0.9

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (6)

http://www.securityfocus.com/bid/106329

Source: psirt@us.ibm.com

Third Party AdvisoryVDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/144887

Source: psirt@us.ibm.com

VDB EntryVendor Advisory

https://www.ibm.com/support/docview.wss?uid=ibm10744189

Source: psirt@us.ibm.com

PatchVendor Advisory

http://www.securityfocus.com/bid/106329

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/144887

Source: af854a3a-2127-422b-91ae-364da2661108

VDB EntryVendor Advisory

https://www.ibm.com/support/docview.wss?uid=ibm10744189

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.