{ "id": "CVE-2017-1591", "sourceIdentifier": "psirt@us.ibm.com", "published": "2017-09-28T01:29:02.793", "lastModified": "2017-10-06T19:34:19.320", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IBM WebSphere DataPower Appliances 7.0.0 through 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132368." }, { "lang": "es", "value": "IBM WebSphere DataPower Appliances versi\u00f3n 7.0.0 hasta 7.6, es vulnerable a ataques de tipo cross-site scripting. Esta vulnerabilidad permite a los usuarios insertar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, y por lo tanto, alterar la funcionalidad deseada que podr\u00eda conllevar a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 132368." } ], "metrics": { "cvssMetricV30": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 2.8, "impactScore": 2.7 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE", "baseScore": 4.3 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-79" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "2A38D3F1-B9B7-4507-9E7D-8D6BB6B4BA5E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "FCDD32DA-E5B7-4396-8DE4-EEE9E2A2578B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "102B1969-5BE1-4CC2-9588-691D715F4DA2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "D8EBFF6E-53A2-4187-801A-8640D941C717" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "2A51FA23-9FF6-4236-9EBE-C063EA70211B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "16E0456B-A3DA-4E78-9566-11106CB57B86" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "79CAC5E6-15C2-4F22-A3D3-CA58A33903F8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B4A92C11-CB05-4D5F-A58D-1AC2A2AE49E1" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "2A9C4B24-3F61-4790-920E-67A287F4FD27" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "3470C5C5-0023-433F-8266-05EDAC5E1C59" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "036E1DC3-3CFF-4F20-B908-36871BC513EE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "EAC5134B-9542-4EA3-A10B-C7A3C6DEFF22" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "8F5389D4-9396-428F-90B2-F1E91B600A83" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "49945A97-02BF-4F4B-80C3-CEE2ADEF8142" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "3F6F1087-E586-4D87-B323-CE8FBB370DF2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "BCDA13A7-83FE-4B20-A7D0-76183699B09C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "FE9AD587-4B32-439F-9C99-3A5E293C6CFE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "351F8DC4-34ED-478A-8F63-530E91651861" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "964ED59D-2118-47F8-BD01-66051DC7957D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "7FED8A1C-7C8B-4636-BD55-A30F361BF3B7" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "A46CC198-5282-4398-9AA3-96FA18D1B76F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D48173CD-C84A-4A3A-A91A-E3808BFD0CCD" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "5EDB53F0-8AFD-4ACC-A8EC-D910E5B77996" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "022E5711-C03B-4456-8F31-C7685E010FD7" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "1FEDAEBE-CB98-4B2B-A228-4B730401262F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "4BFA9D43-38AE-4331-8031-DE20A0DDB02A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "A159909C-C85A-4A6D-B2FE-AAC130BAFC40" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "48CAF192-4F42-4DCB-8F81-9B72554CD5A4" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.1.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "1D0C8E56-F6C9-4D91-B974-6A4DD6D2593F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.1.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "48B717E5-84C1-4CF5-BDDB-22EC2EE9DE2C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.1.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "44805D56-CD37-480D-947F-C7B075E72F22" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.1.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "F297CABF-10ED-405B-AEEB-FED174EF56A8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.1.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "AC7929BF-68EE-440D-92AE-77A4984CF3D7" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.1.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "DB853AEF-DF28-477A-B6F0-3EDE63BCA93A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.1.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "3D84AAA9-B3B9-42F9-9703-847DFE8D8178" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.1.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "11E7C415-D1CF-4A76-9FE2-DED1605D0AC0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.1.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "A4AB722E-0E6D-4DCD-A57A-B74B4C2A96E0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.1.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "BA7E3EE6-A73F-467C-A9D9-52A35597E7C4" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.1.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "36BDBADF-65FA-4EC7-AF9E-AB6A03668154" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D32139A0-894E-4A7D-AED8-4584B1680693" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "F41AB81C-9F09-4DCC-BACA-25164CA8053D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "33502503-EA47-4498-ABA5-A37E1D0604D3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "9BFCE704-2DEC-4339-927E-0519DBCC3B19" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F2C5ACAC-960B-42BC-9D5E-CF6AEDB33CD4" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "3072ABC1-22E9-462F-80EB-489504BC9CC9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "D53DB10C-C377-4ABD-9470-325AE52B8AC5" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "67C298EB-410E-4953-A972-33666EFA7D77" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "2FC5B96D-DE35-43AC-B720-D35E390DA78A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "EE47689B-4233-4038-A0D6-E88567F60BB5" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.2.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "EE074A6E-6FE8-4E6F-BA2B-C1AC95D6D248" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.2.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "9C39DC4C-2268-4D29-8B3B-F84761ECF4AB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.2.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "DFA8FE6D-BB4A-4AF6-871C-F0681E59C6AB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.2.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "6092928D-BF84-4A46-8ADA-21D36CD4E230" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.2.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "5A47EBCD-4160-4B17-80ED-3C89629BE8E2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.2.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "4AFA5522-29C8-4496-B4E1-B894C1DA7AA7" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "99CA8ACA-4060-49DE-BF60-7D196F175615" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "267E68E8-EB07-462E-94BB-4F96A63443E8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "9BB2F80D-9908-4269-9115-DFF5339705C7" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0914A678-A86D-436B-822A-656811CC9EE4" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "1C7E02EE-BC8E-4B40-82BD-986A93C816E3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "6851A125-1929-4839-A423-21A7EBAC7841" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "E1E8E276-1BEE-4A88-B5DB-EE6C8947C91A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "1B328B8D-3B4E-4964-BC8F-506A498B1BEB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.5.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "48B7BCA8-CF1D-4EF1-B80A-819CB630C49A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.5.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "BBCBD768-EAD7-40A8-94D5-ECFDC796F1B6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "A3BDECCB-7460-4212-AE2F-832E2B3F3AED" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "C2CA331B-79E6-4051-AA8B-AFDADFEFA718" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.5.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "44C2AA21-0527-4D6B-BAA4-8DDEA964E266" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.5.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "69FE278C-E00A-4739-9A93-5F8F86386455" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.5.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "22F1048C-F9E8-4EF2-AB0C-78E4D65A4925" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.5.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "F4084264-D16A-45AC-A972-AAEE02BD4190" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.5.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "BAB166ED-6AF5-4C16-9E19-DB7B1DDD3B24" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.5.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "A71877AE-CFB5-4B11-880B-C9B2F090B177" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.5.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "119214C4-CF20-4BFE-A0FB-82D15193CB58" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.5.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "32D46C36-6662-48C2-B5B0-4BEDD040F68B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.5.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "BBD560D9-B35F-41E6-9895-9F39E873B622" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.5.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "C2469E01-F471-496A-800B-C369D6A4EDC2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.5.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "70347058-3EE4-4B01-98FF-53A0BA2202C8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.5.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "FCDB0FC9-8890-45CF-BAA5-09CC655AC647" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.5.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "7DDCA98C-9360-4FCB-8B51-1C86994A2C48" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.5.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "B132DA61-30D2-4D04-B8A5-6678A6DF7670" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.5.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "AFDE5F6F-AED2-42ED-A3C7-E3DE7A395548" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.5.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "C8F74EF3-0B80-40C8-84E6-EA01F74738B2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "BC26F69C-797D-431A-A948-046423AFE283" } ] } ] } ], "references": [ { "url": "http://www.ibm.com/support/docview.wss?uid=swg22008815", "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ] }, { "url": "http://www.securityfocus.com/bid/101021", "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ] }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132368", "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ] } ] }