IBM DataPower Gateway < Default Admin Password Security Bypass

High Nessus Plugin ID 97019


A web application running on the remote host is affected by a security bypass vulnerability.


According to its self-reported version, the IBM DataPower Gateway running on the remote host is prior to It is, therefore, affected by a security bypass vulnerability due to the default password still being accepted as valid if the administrator logs in before the startup configuration is completed.


Upgrade to IBM DataPower Gateway version or later.

Plugin Details

Severity: High

ID: 97019

File Name: ibm_datapower_gateway_default_admin_passwd.nasl

Version: $Revision: 1.2 $

Type: remote

Family: Misc.

Published: 2017/02/06

Modified: 2017/02/08

Dependencies: 97020

Risk Information

Risk Factor: High


CVSS v2.0

Base Score: 7.6

Temporal Score: 6.3

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND


CVSS v3.0

Base Score: 8.1

Temporal Score: 7.4

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:X

Vulnerability Information

CPE: cpe:/a:ibm:datapower_gateway

Required KB Items: installed_sw/IBM DataPower Gateway

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2017/01/18

Vulnerability Publication Date: 2017/01/18

Reference Information

OSVDB: 150713