If IPMI over LAN is enabled, a default administrator account is also enabled.
**CVEID:** CVE-2019-4621
**DESCRIPTION:** IBM DataPower Appliance and IBM MQ Appliance have a default administrator account that is enabled if the IPMI LAN channel is enabled. A remote attacker could use this account to gain unauthorised access to the BMC.
CVSS Base score: 8.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/168883 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Product(s) | Version(s) |
---|---|
IBM DataPower Gateway | 2018.4.1.0-2018.4.1.5 |
IBM DataPower Gateway | 7.6.0.0-7.6.0.14 |

Fixed in version | APAR | Remediation |
---|---|---|
IBM DataPower Gateway 2018.4.1.6 | IT29004 | Install the fixpack |
IBM DataPower Gateway 7.6.0.15 | IT29004 | Install the fixpack |
None