Man-in-the-middle attack in IBM DataPower Gateway

#VU16641 Man-in-the-middle attack in IBM DataPower Gateway

Published: 2018-12-07 | Updated: 2018-12-20

Vulnerability identifier: #VU16641

Vulnerability risk: Low

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-1663

CWE-ID: CWE-300

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
IBM DataPower Gateway
Client/Desktop applications / Software for system administration

Vendor: IBM Corporation

Description

The vulnerability allows a remote attacker to conduct MITM attack.

The vulnerability exists due to the failure to properly enable HTTP Strict Transport Security. A remote attacker can use man-in-the-middle techniques and gain access to potentially sensitive information.

Mitigation
Install update from vendor's website.

Vulnerable software versions

IBM DataPower Gateway: 7.6, 7.5 - 7.5.2

External links
http://www-01.ibm.com/support/docview.wss?uid=ibm10740033

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in IBM DataPower Gateway