Ibm: >> Datapower Gateway >> 7.6.0.11 Security Vulnerabilities
IBM DataPower Gateway 7.6.0.0-7 throug 6.0.14 and 2018.4.1.0 through 2018.4.1.5 have a default administrator account that is enabled if the IPMI LAN channel is enabled. A remote attacker could use this account to gain unauthorised access to the BMC. IBM X-Force ID: 168883.
CVSS Score
8.1
EPSS Score
0.008
Published
2019-12-09
IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.6, 7.6.0.0 through 7.6.0.15 and IBM MQ Appliance 8.0.0.0 through 8.0.0.12, 9.1.0.0 through 9.1.0.2, and 9.1.1 through 9.1.2 could allow a local attacker to execute arbitrary commands on the system, caused by a command injection vulnerability. IBM X-Force ID: 16188.
CVSS Score
8.4
EPSS Score
0.001
Published
2019-08-20
IBM DataPower Gateway 2018.4.1.0, 7.6.0.0 through 7.6.0.11, 7.5.2.0 through 7.5.2.18, 7.5.1.0 through 7.5.1.18, 7.5.0.0 through 7.5.0.19, and 7.7.0.0 through 7.7.1.3 could allow an authenticated user to inject arbitrary messages that would be displayed on the UI. IBM X-Force ID: 144892.
CVSS Score
4.3
EPSS Score
0.002
Published
2019-02-07
IBM DataPower Gateway 7.5.0.0 through 7.5.0.19, 7.5.1.0 through 7.5.1.18, 7.5.2.0 through 7.5.2.18, and 7.6.0.0 through 7.6.0.11 appliances allows "null" logins which could give read access to IPMI data to obtain sensitive information. IBM X-Force ID: 144894.
CVSS Score
5.3
EPSS Score
0.002
Published
2019-01-29