Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2018.3818 IBM DataPower Gateways is affected by a Denial of Service vulnerability (CVE-2018-1652) 10 December 2018 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: IBM DataPower Gateways Publisher: IBM Operating System: Windows UNIX variants (UNIX, Linux, OSX) Impact/Access: Denial of Service -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2018-1652 Original Bulletin: https://www.ibm.com/support/docview.wss?uid=ibm10744557 - --------------------------BEGIN INCLUDED TEXT-------------------- Security Bulletin: IBM DataPower Gateways is affected by a Denial of Service vulnerability (CVE-2018-1652) Document information Software version: All Versions Operating system(s): Firmware Reference #: 0744557 Modified date: 07 December 2018 Summary IBM DataPower Gateways has addressed the following vulnerability: CVE-2018-1652 Vulnerability Details CVEID: CVE-2018-1652 DESCRIPTION: IBM DataPower Gateways and IBM MQ Appliance could allow a local user to cause a denial of service through unknown vectors. CVSS Base Score: 6.2 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 144724 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) Affected Products and Versions Affected IBM DataPower Gateway Affected Versions IBM DataPower Gateway 7.1.0.0-7.1.0.19 IBM DataPower Gateway 7.2.0.0-7.2.0.16 IBM DataPower Gateway 7.5.0.0-7.5.0.10 IBM DataPower Gateway 7.5.1.0-7.5.1.9 IBM DataPower Gateway 7.5.2.0-7.5.2.9 IBM DataPower Gateway 7.6.0.0-7.6.0.2 Remediation/Fixes Product VRMF APAR Remediation / First Fix IBM DataPower Gateway 7.1.0.20 IT21445 Install the fix pack. IBM DataPower Gateway 7.2.0.17 IT21445 Install the fix pack. IBM DataPower Gateway 7.5.0.11 IT21445 Install the fix pack. IBM DataPower Gateway 7.5.1.10 IT21445 Install the fix pack. IBM DataPower Gateway 7.5.2.10 IT21445 Install the fix pack. IBM DataPower Gateway 7.6.0.3 IT21445 Install the fix pack. Workarounds and Mitigations None Additional Bluemix Alert Information Monitor the Bluemix console (https://console.ng.bluemix.net/status/) for additional important product alerts. Change History 7 December 2018: Original version published - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXA3EcWaOgq3Tt24GAQgdOxAA01hFgLf2Wwm+dAVbFSBj5ZStfvwwLGag 1T2NzMLcM+h7anAu0OOmWaGNJld1z/HSfOG+ZfHpO2qNwtj7E9iopRcIUVBSy2Da u81QLEjnHmE+cuH3zBakIFhDXqKtPPkUfcHP1kdEVHQFr54S5WeoetOCW4lxwcZr jROYAUSMuUrf2H5EN6q6Af78YphQsHLHRiunJpDTGl6QeRwLrKLEymxIyVyaHl1Y AFN7aOL9LVKzp+l2pZyGzftyhPV4nnbUulXcp6P08z3zyv3d9H26TYOA5zhCb8Dn +Ai9LmadUcslVG8DrsJZrQlzE010Bc1kjA6s/V+3jHisQDTk0U5PBRRqLbKKO7Gz /jQqmgFCjVTNmjsgCAK851VSVv5Bqwe7SU40qSR0a+uH360zQzDHU27bvsVdexFS s2JY8r77HlUPTx6tVj1dVALYiKnT8ge70hAiq16HafGAa/wJSv4vB8KNuORDATr+ vEmTYHKuzjP/su1LJjuVwGg4qXqcA5L5jiD7GMKSU+3VCTNpb2Drw1nxGl+v1snO Yaf7xgTWfNP53erk2NuU5YI9gi/ojcG3AMScBjzruHWM9UcISSaVCYcPx7ZibBgn FK9tcBDNZmnSwoMt3nkZ1E9H9eHE3LLaPgSAZ9fwsnkkQCHRoXlHtalo2rASepex FnN18zy2XVg= =pMRS -----END PGP SIGNATURE-----