CVE-2018-1667 Information
Feb 14, 2021
cve
Description
IBM DataPower Gateway 7.6.0.0 through 7.6.0.10 7.5.2.0 through 7.5.2.17 7.5.1.0 through 7.5.1.17 7.5.0.0 through 7.5.0.18 and 7.7.0.0 through 7.7.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 144893.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Reference
https://exchange.xforce.ibmcloud.com/vulnerabilities/144893 https://www.ibm.com/support/docview.wss?uid=ibm10744209
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
LOW
Scope
REQUIRED
Confidentiality Impact
CHANGED
Integrity Impact
LOW
Availability Impact
LOW
Base Score
NONE
Base Severity
5.4
Share on: