ByteOS Network

NVD Vulnerability Details :

CVE-2018-1677

Modified

Source-psirt@us.ibm.com

Published At-20 Dec, 2018 | 14:29

Updated At-24 Aug, 2020 | 17:37

IBM DataPower Gateways 7.1, 7.2, 7.5, 7.5.1, 7.5.2, 7.6, and 7.7 and IBM MQ Appliance are vulnerable to a denial of service, caused by the improper handling of full file system. A local attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 145171.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	5.5	MEDIUM	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Secondary	3.0	5.1	MEDIUM	CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary	2.0	2.1	LOW	AV:L/AC:L/Au:N/C:N/I:N/A:P

CPE Matches

IBM Corporation

>>datapower_gateway>>Versions from 7.1.0.0(inclusive) to 7.1.0.22(inclusive)

cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*

IBM Corporation

>>datapower_gateway>>Versions from 7.2.0.0(inclusive) to 7.2.0.20(inclusive)

cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*

IBM Corporation

>>datapower_gateway>>Versions from 7.5.0.0(inclusive) to 7.5.0.15(inclusive)

cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*

IBM Corporation

>>datapower_gateway>>Versions from 7.5.1.0(inclusive) to 7.5.1.14(inclusive)

cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*

IBM Corporation

>>datapower_gateway>>Versions from 7.5.2.0(inclusive) to 7.5.2.14(inclusive)

cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*

IBM Corporation

>>datapower_gateway>>Versions from 7.6.0.0(inclusive) to 7.6.0.7(inclusive)

cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*

IBM Corporation

>>datapower_gateway>>Versions from 7.7.0.0(inclusive) to 7.7.1.0(inclusive)

cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-755	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
http://www.securityfocus.com/bid/106284	psirt@us.ibm.com	Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/145171	psirt@us.ibm.com	VDB Entry Vendor Advisory
https://www.ibm.com/support/docview.wss?uid=ibm10744555	psirt@us.ibm.com	Patch Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History