IBM DataPower Gateway has addressed the following vulnerability.
CVE-2019-6110
CVEID: CVE-2019-6110
DESCRIPTION: OpenSSH could allow a remote attacker to conduct spoofing attacks, caused by accepting and displaying arbitrary stderr output from the scp server. A man-in-the-middle attacker could exploit this vulnerability to spoof scp client output.
CVSS Base Score: 3.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155487> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)

Affected Product | Affected Versions |
---|---|
IBM DataPower Gateway | 7.5.2.0-7.5.2.19 |
IBM DataPower Gateway | 7.6.0.0-7.6.0.13 |
IBM DataPower Gateway | 7.7.0.0-2018.4.1.4 |

Product | VRMF | APAR | Remediation / First Fix |
---|---|---|---|
IBM DataPower Gateway | 7.5.2.20 | IT28834 | Install the fix pack |
IBM DataPower Gateway | 7.6.0.14 | IT28834 | Install the fix pack |
IBM DataPower Gateway | 2018.4.1.5 | IT28834 | Install the fix pack |
None
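
To check an appliance inventory against the two tables above, the following added example (not IBM's code) compares firmware levels numerically and returns the first fix for any affected level. The ranges, fix levels and APAR are copied from this bulletin; the sample inventory and the function names are constructed for illustration.

```python
# Added example: ranges and fix levels are copied from the bulletin's tables.
AFFECTED = [
    # (first affected, last affected, first fixed VRMF)
    ("7.5.2.0", "7.5.2.19", "7.5.2.20"),
    ("7.6.0.0", "7.6.0.13", "7.6.0.14"),
    ("7.7.0.0", "2018.4.1.4", "2018.4.1.5"),
]
APAR = "IT28834"


def parse_vrmf(text):
    """Turn a dotted four-part level such as '7.6.0.9' into a tuple of ints."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part VRMF: {text!r}")
    return tuple(int(p) for p in parts)


def check(version):
    """Return (status, first_fix) for one firmware level.

    Comparison is on integer tuples: as plain strings '7.5.2.9' sorts after
    '7.5.2.19' and would be reported as outside the affected range.
    """
    v = parse_vrmf(version)
    for low, high, fix in AFFECTED:
        if parse_vrmf(low) <= v <= parse_vrmf(high):
            return ("affected", fix)
    if v < parse_vrmf(AFFECTED[0][0]):
        # The bulletin makes no statement about levels older than 7.5.2.0.
        return ("not listed", None)
    return ("outside affected ranges", None)


if __name__ == "__main__":
    # Constructed sample inventory: hypothetical appliance name -> firmware level.
    inventory = {"dp-edge-01": "7.5.2.9", "dp-edge-02": "7.6.0.14",
                 "dp-core-01": "2018.4.1.0", "dp-lab-01": "7.5.1.0"}
    for host, level in sorted(inventory.items()):
        status, fix = check(level)
        action = f"install fix pack {fix} (APAR {APAR})" if fix else "no action from this bulletin"
        print(f"{host:12} {level:12} {status:24} {action}")
```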