Vulnerabilities > IBM > Datapower Gateway > 7.5.2.17

DATE CVE VULNERABILITY TITLE RISK
2019-02-07 CVE-2018-1666 Unspecified vulnerability in IBM Datapower Gateway
IBM DataPower Gateway 2018.4.1.0, 7.6.0.0 through 7.6.0.11, 7.5.2.0 through 7.5.2.18, 7.5.1.0 through 7.5.1.18, 7.5.0.0 through 7.5.0.19, and 7.7.0.0 through 7.7.1.3 could allow an authenticated user to inject arbitrary messages that would be displayed on the UI.
network
low complexity
ibm
4.0
4.0
2019-01-29 CVE-2018-1668 Improper Authentication vulnerability in IBM Datapower Gateway
IBM DataPower Gateway 7.5.0.0 through 7.5.0.19, 7.5.1.0 through 7.5.1.18, 7.5.2.0 through 7.5.2.18, and 7.6.0.0 through 7.6.0.11 appliances allows "null" logins which could give read access to IPMI data to obtain sensitive information.
network
low complexity
ibm CWE-287
5.0
5.0
2018-12-13 CVE-2018-1667 Cross-site Scripting vulnerability in IBM Datapower Gateway
IBM DataPower Gateway 7.6.0.0 through 7.6.0.10, 7.5.2.0 through 7.5.2.17, 7.5.1.0 through 7.5.1.17, 7.5.0.0 through 7.5.0.18, and 7.7.0.0 through 7.7.1.3 is vulnerable to cross-site scripting.
network
ibm CWE-79
3.5
3.5
2018-12-13 CVE-2018-1665 Inadequate Encryption Strength vulnerability in IBM Datapower Gateway
IBM DataPower Gateway 7.6.0.0 through 7.6.0.10, 7.5.2.0 through 7.5.2.17, 7.5.1.0 through 7.5.1.17, 7.5.0.0 through 7.5.0.18, and 7.7.0.0 through 7.7.1.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-326
5.0
5.0