Arbitrary Message Injection Vulnerability in IBM DataPower Gateway

Arbitrary Message Injection Vulnerability in IBM DataPower Gateway

CVE-2018-1666 · MEDIUM Severity

AV:N/AC:L/AU:S/C:N/I:P/A:N

IBM DataPower Gateway 2018.4.1.0, 7.6.0.0 through 7.6.0.11, 7.5.2.0 through 7.5.2.18, 7.5.1.0 through 7.5.1.18, 7.5.0.0 through 7.5.0.19, and 7.7.0.0 through 7.7.1.3 could allow an authenticated user to inject arbitrary messages that would be displayed on the UI. IBM X-Force ID: 144892.

Learn more about our User Device Pen Test.