IBM DataPower Gateway < 7.5.2.2 Default Admin Password Security Bypass

high Nessus Plugin ID 97019

Synopsis

A web application running on the remote host is affected by a security bypass vulnerability.

Description

According to its self-reported version, the IBM DataPower Gateway running on the remote host is prior to 7.5.2.2. It is, therefore, affected by a security bypass vulnerability: the default password is still accepted as valid if the administrator logs in before the startup configuration has completed.

Solution

Upgrade to IBM DataPower Gateway version 7.5.2.2 or later.

See Also

http://www-01.ibm.com/support/docview.wss?uid=swg1IT18055

Plugin Details

Severity: High

ID: 97019

File Name: ibm_datapower_gateway_default_admin_passwd.nasl

Version: 1.4

Type: remote

Family: Misc.

Published: 2/6/2017

Updated: 8/8/2018

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.6

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:datapower_gateway

Required KB Items: installed_sw/IBM DataPower Gateway

Patch Publication Date: 1/18/2017

Vulnerability Publication Date: 1/18/2017