CVE-2019-4621

Description

IBM DataPower Gateway 7.6.0.0-7 throug 6.0.14 and 2018.4.1.0 through 2018.4.1.5 have a default administrator account that is enabled if the IPMI LAN channel is enabled. A remote attacker could use this account to gain unauthorised access to the BMC. IBM X-Force ID: 168883.

CVSS breakdown

CVSS 3.0

Integrity

High

User Interaction

None

Scope

Unchanged

Attack Vector

Network

Privileges Required

None

Confidentiality

High

Attack Complexity

High

Availability

High

Unchanged

Changed

Affected products

ibm / DataPower Gateway7.6.0.0 – 7.6.0.0
ibm / DataPower Gateway2018.4.1.0 – 2018.4.1.0
ibm / DataPower Gateway7.6.0.14 – 7.6.0.14
ibm / DataPower Gateway2018.4.1.5 – 2018.4.1.5

References

MISChttps://www.ibm.com/support/pages/node/1125615
MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/168883