CVE-2017-1591

{"id": "CVE-2017-1591", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2017-09-28T01:29:02.793", "references": [{"url": "http://www.ibm.com/support/docview.wss?uid=swg22008815", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "http://www.securityfocus.com/bid/101021", "tags": ["Third Party Advisory", "VDB Entry"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132368", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "IBM WebSphere DataPower Appliances 7.0.0 through 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132368."}, {"lang": "es", "value": "IBM WebSphere DataPower Appliances versi\u00f3n 7.0.0 hasta 7.6, es vulnerable a ataques de tipo cross-site scripting. Esta vulnerabilidad permite a los usuarios insertar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, y por lo tanto, alterar la funcionalidad deseada que podr\u00eda conllevar a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 132368."}], "lastModified": "2017-10-06T19:34:19.320", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A38D3F1-B9B7-4507-9E7D-8D6BB6B4BA5E"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FCDD32DA-E5B7-4396-8DE4-EEE9E2A2578B"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "102B1969-5BE1-4CC2-9588-691D715F4DA2"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D8EBFF6E-53A2-4187-801A-8640D941C717"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A51FA23-9FF6-4236-9EBE-C063EA70211B"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16E0456B-A3DA-4E78-9566-11106CB57B86"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "79CAC5E6-15C2-4F22-A3D3-CA58A33903F8"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B4A92C11-CB05-4D5F-A58D-1AC2A2AE49E1"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A9C4B24-3F61-4790-920E-67A287F4FD27"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3470C5C5-0023-433F-8266-05EDAC5E1C59"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "036E1DC3-3CFF-4F20-B908-36871BC513EE"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EAC5134B-9542-4EA3-A10B-C7A3C6DEFF22"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F5389D4-9396-428F-90B2-F1E91B600A83"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49945A97-02BF-4F4B-80C3-CEE2ADEF8142"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F6F1087-E586-4D87-B323-CE8FBB370DF2"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BCDA13A7-83FE-4B20-A7D0-76183699B09C"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE9AD587-4B32-439F-9C99-3A5E293C6CFE"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "351F8DC4-34ED-478A-8F63-530E91651861"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "964ED59D-2118-47F8-BD01-66051DC7957D"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.19:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7FED8A1C-7C8B-4636-BD55-A30F361BF3B7"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.1.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A46CC198-5282-4398-9AA3-96FA18D1B76F"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.1.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D48173CD-C84A-4A3A-A91A-E3808BFD0CCD"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.1.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5EDB53F0-8AFD-4ACC-A8EC-D910E5B77996"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.1.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "022E5711-C03B-4456-8F31-C7685E010FD7"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.1.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1FEDAEBE-CB98-4B2B-A228-4B730401262F"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.1.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4BFA9D43-38AE-4331-8031-DE20A0DDB02A"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.1.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A159909C-C85A-4A6D-B2FE-AAC130BAFC40"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.1.0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "48CAF192-4F42-4DCB-8F81-9B72554CD5A4"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.1.0.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D0C8E56-F6C9-4D91-B974-6A4DD6D2593F"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.1.0.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "48B717E5-84C1-4CF5-BDDB-22EC2EE9DE2C"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.1.0.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44805D56-CD37-480D-947F-C7B075E72F22"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.1.0.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F297CABF-10ED-405B-AEEB-FED174EF56A8"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.1.0.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC7929BF-68EE-440D-92AE-77A4984CF3D7"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.1.0.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB853AEF-DF28-477A-B6F0-3EDE63BCA93A"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.1.0.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D84AAA9-B3B9-42F9-9703-847DFE8D8178"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.1.0.15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11E7C415-D1CF-4A76-9FE2-DED1605D0AC0"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.1.0.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A4AB722E-0E6D-4DCD-A57A-B74B4C2A96E0"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.1.0.17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA7E3EE6-A73F-467C-A9D9-52A35597E7C4"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.1.0.18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36BDBADF-65FA-4EC7-AF9E-AB6A03668154"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.2.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D32139A0-894E-4A7D-AED8-4584B1680693"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.2.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F41AB81C-9F09-4DCC-BACA-25164CA8053D"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.2.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "33502503-EA47-4498-ABA5-A37E1D0604D3"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.2.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9BFCE704-2DEC-4339-927E-0519DBCC3B19"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.2.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F2C5ACAC-960B-42BC-9D5E-CF6AEDB33CD4"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.2.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3072ABC1-22E9-462F-80EB-489504BC9CC9"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.2.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D53DB10C-C377-4ABD-9470-325AE52B8AC5"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.2.0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "67C298EB-410E-4953-A972-33666EFA7D77"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.2.0.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2FC5B96D-DE35-43AC-B720-D35E390DA78A"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.2.0.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE47689B-4233-4038-A0D6-E88567F60BB5"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.2.0.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE074A6E-6FE8-4E6F-BA2B-C1AC95D6D248"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.2.0.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C39DC4C-2268-4D29-8B3B-F84761ECF4AB"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.2.0.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DFA8FE6D-BB4A-4AF6-871C-F0681E59C6AB"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.2.0.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6092928D-BF84-4A46-8ADA-21D36CD4E230"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.2.0.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A47EBCD-4160-4B17-80ED-3C89629BE8E2"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.2.0.15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4AFA5522-29C8-4496-B4E1-B894C1DA7AA7"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.5.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "99CA8ACA-4060-49DE-BF60-7D196F175615"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.5.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "267E68E8-EB07-462E-94BB-4F96A63443E8"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.5.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9BB2F80D-9908-4269-9115-DFF5339705C7"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.5.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0914A678-A86D-436B-822A-656811CC9EE4"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.5.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C7E02EE-BC8E-4B40-82BD-986A93C816E3"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.5.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6851A125-1929-4839-A423-21A7EBAC7841"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.5.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E1E8E276-1BEE-4A88-B5DB-EE6C8947C91A"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.5.0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B328B8D-3B4E-4964-BC8F-506A498B1BEB"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.5.0.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "48B7BCA8-CF1D-4EF1-B80A-819CB630C49A"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.5.0.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BBCBD768-EAD7-40A8-94D5-ECFDC796F1B6"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.5.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3BDECCB-7460-4212-AE2F-832E2B3F3AED"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.5.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C2CA331B-79E6-4051-AA8B-AFDADFEFA718"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.5.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44C2AA21-0527-4D6B-BAA4-8DDEA964E266"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.5.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "69FE278C-E00A-4739-9A93-5F8F86386455"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.5.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22F1048C-F9E8-4EF2-AB0C-78E4D65A4925"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.5.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4084264-D16A-45AC-A972-AAEE02BD4190"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.5.1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BAB166ED-6AF5-4C16-9E19-DB7B1DDD3B24"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.5.1.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A71877AE-CFB5-4B11-880B-C9B2F090B177"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.5.1.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "119214C4-CF20-4BFE-A0FB-82D15193CB58"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.5.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32D46C36-6662-48C2-B5B0-4BEDD040F68B"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.5.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BBD560D9-B35F-41E6-9895-9F39E873B622"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.5.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C2469E01-F471-496A-800B-C369D6A4EDC2"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.5.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "70347058-3EE4-4B01-98FF-53A0BA2202C8"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.5.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FCDB0FC9-8890-45CF-BAA5-09CC655AC647"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.5.2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7DDCA98C-9360-4FCB-8B51-1C86994A2C48"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.5.2.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B132DA61-30D2-4D04-B8A5-6678A6DF7670"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.5.2.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AFDE5F6F-AED2-42ED-A3C7-E3DE7A395548"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.5.2.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C8F74EF3-0B80-40C8-84E6-EA01F74738B2"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.6.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC26F69C-797D-431A-A948-046423AFE283"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}