CVE-2018-1677 - OpenCVE

IBM DataPower Gateways 7.1, 7.2, 7.5, 7.5.1, 7.5.2, 7.6, and 7.7 and IBM MQ Appliance are vulnerable to a denial of service, caused by the improper handling of full file system. A local attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 145171.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:L/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Datapower Gateway

Configuration 1 [-]

OR	cpe:2.3:a:ibm:datapower_gateway::::::::
	cpe:2.3:a:ibm:datapower_gateway::::::::
	cpe:2.3:a:ibm:datapower_gateway::::::::
	cpe:2.3:a:ibm:datapower_gateway::::::::
	cpe:2.3:a:ibm:datapower_gateway::::::::
	cpe:2.3:a:ibm:datapower_gateway::::::::
	cpe:2.3:a:ibm:datapower_gateway::::::::

No data.

References

Link	Providers
http://www.securityfocus.com/bid/106284
https://exchange.xforce.ibmcloud.com/vulnerabilities/145171
https://www.ibm.com/support/docview.wss?uid=ibm10744555

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2018-12-20T14:00:00Z

Updated: 2024-09-16T20:17:29.202Z

Reserved: 2017-12-13T00:00:00

Link: CVE-2018-1677

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-12-20T14:29:00.307

Modified: 2020-08-24T17:37:01.140

Link: CVE-2018-1677

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "DataPower Gateways", "vendor": "IBM", "versions": [{"status": "affected", "version": "7.1"}, {"status": "affected", "version": "7.2"}, {"status": "affected", "version": "7.5"}, {"status": "affected", "version": "7.5.1"}, {"status": "affected", "version": "7.5.2"}, {"status": "affected", "version": "7.6"}, {"status": "affected", "version": "7.7"}]}], "datePublic": "2018-12-12T00:00:00", "descriptions": [{"lang": "en", "value": "IBM DataPower Gateways 7.1, 7.2, 7.5, 7.5.1, 7.5.2, 7.6, and 7.7 and IBM MQ Appliance are vulnerable to a denial of service, caused by the improper handling of full file system. A local attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 145171."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.5, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:H/AC:H/AV:L/C:N/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Denial of Service", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-12-25T10:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"name": "ibm-websphere-cve20181677-dos(145171)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145171"}, {"name": "106284", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/106284"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10744555"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-12-12T00:00:00", "ID": "CVE-2018-1677", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "DataPower Gateways", "version": {"version_data": [{"version_value": "7.1"}, {"version_value": "7.2"}, {"version_value": "7.5"}, {"version_value": "7.5.1"}, {"version_value": "7.5.2"}, {"version_value": "7.6"}, {"version_value": "7.7"}]}}]}, "vendor_name": "IBM"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM DataPower Gateways 7.1, 7.2, 7.5, 7.5.1, 7.5.2, 7.6, and 7.7 and IBM MQ Appliance are vulnerable to a denial of service, caused by the improper handling of full file system. A local attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 145171."}]}, "impact": {"cvssv3": {"BM": {"A": "H", "AC": "H", "AV": "L", "C": "N", "I": "N", "PR": "N", "S": "U", "UI": "N"}, "TM": {"E": "U", "RC": "C", "RL": "O"}}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Denial of Service"}]}]}, "references": {"reference_data": [{"name": "ibm-websphere-cve20181677-dos(145171)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145171"}, {"name": "106284", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106284"}, {"name": "https://www.ibm.com/support/docview.wss?uid=ibm10744555", "refsource": "CONFIRM", "url": "https://www.ibm.com/support/docview.wss?uid=ibm10744555"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T04:07:44.337Z"}, "title": "CVE Program Container", "references": [{"name": "ibm-websphere-cve20181677-dos(145171)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145171"}, {"name": "106284", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/106284"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10744555"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1677", "datePublished": "2018-12-20T14:00:00Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-16T20:17:29.202Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "98C70F93-EA44-4200-AC1B-E0359CBD5B91", "versionEndIncluding": "7.1.0.22", "versionStartIncluding": "7.1.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "BF183CF6-467F-412D-8225-5AE775EA2EDE", "versionEndIncluding": "7.2.0.20", "versionStartIncluding": "7.2.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "F013A2B8-0D79-460F-9ACF-C4E4ED2A8E4E", "versionEndIncluding": "7.5.0.15", "versionStartIncluding": "7.5.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "9FD007B3-FFA3-4460-8871-C1A2C0ED2743", "versionEndIncluding": "7.5.1.14", "versionStartIncluding": "7.5.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "6A022CB5-8201-4264-8E9E-BC01CBF656D4", "versionEndIncluding": "7.5.2.14", "versionStartIncluding": "7.5.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "EC98A9E9-9428-468F-B9E0-D2D3AFE7B61A", "versionEndIncluding": "7.6.0.7", "versionStartIncluding": "7.6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "FA8CD006-78BF-46DE-81F3-6639AA2F2EEA", "versionEndIncluding": "7.7.1.0", "versionStartIncluding": "7.7.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM DataPower Gateways 7.1, 7.2, 7.5, 7.5.1, 7.5.2, 7.6, and 7.7 and IBM MQ Appliance are vulnerable to a denial of service, caused by the improper handling of full file system. A local attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 145171."}, {"lang": "es", "value": "IBM DataPower Gateways 7.1, 7.2, 7.5, 7.5.1, 7.5.2, 7.6 y 7.7 as\u00ed como IBM MQ Appliance, son vulnerables a una denegaci\u00f3n de servicio (DoS) provocada por el manejo incorrecto de un sistema de archivos completo. Un atacante local podr\u00eda explotar esta vulnerabilidad para provocar una denegaci\u00f3n de servicio (DoS). IBM X-Force ID: 145171."}], "id": "CVE-2018-1677", "lastModified": "2020-08-24T17:37:01.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.4, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary"}]}, "published": "2018-12-20T14:29:00.307", "references": [{"source": "psirt@us.ibm.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/106284"}, {"source": "psirt@us.ibm.com", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145171"}, {"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10744555"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-755"}], "source": "nvd@nist.gov", "type": "Primary"}]}