Vulnerabilities > IBM > Datapower Gateway > 7.7.0.2

DATE CVE VULNERABILITY TITLE RISK
2019-02-07 CVE-2018-1666 Unspecified vulnerability in IBM Datapower Gateway
IBM DataPower Gateway 2018.4.1.0, 7.6.0.0 through 7.6.0.11, 7.5.2.0 through 7.5.2.18, 7.5.1.0 through 7.5.1.18, 7.5.0.0 through 7.5.0.19, and 7.7.0.0 through 7.7.1.3 could allow an authenticated user to inject arbitrary messages that would be displayed on the UI.
network
low complexity
ibm
4.0
4.0
2018-12-20 CVE-2018-1677 Improper Handling of Exceptional Conditions vulnerability in IBM Datapower Gateway
IBM DataPower Gateways 7.1, 7.2, 7.5, 7.5.1, 7.5.2, 7.6, and 7.7 and IBM MQ Appliance are vulnerable to a denial of service, caused by the improper handling of full file system.
local
low complexity
ibm CWE-755
2.1
2.1
2018-12-13 CVE-2018-1667 Cross-site Scripting vulnerability in IBM Datapower Gateway
IBM DataPower Gateway 7.6.0.0 through 7.6.0.10, 7.5.2.0 through 7.5.2.17, 7.5.1.0 through 7.5.1.17, 7.5.0.0 through 7.5.0.18, and 7.7.0.0 through 7.7.1.3 is vulnerable to cross-site scripting.
network
ibm CWE-79
3.5
3.5
2018-12-13 CVE-2018-1665 Inadequate Encryption Strength vulnerability in IBM Datapower Gateway
IBM DataPower Gateway 7.6.0.0 through 7.6.0.10, 7.5.2.0 through 7.5.2.17, 7.5.1.0 through 7.5.1.17, 7.5.0.0 through 7.5.0.18, and 7.7.0.0 through 7.7.1.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-326
5.0
5.0