The DataPower Gateway must not use 0.0.0.0 as the management IP address.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-65189 | WSDP-NM-000143 | SV-79679r1_rule | CCI-001368 | medium |
| Description | ||||
| If 0.0.0.0 as the management IP address, the DataPower appliance will listen on all configured interfaces for management traffic. This can allow an attacker to gain privileged-level access from an untrusted network. | ||||
| STIG | Date | |||
| IBM DataPower Network Device Management Security Technical Implementation Guide | 2017-10-05 | |||
Related Frameworks
3 paths across 3 frameworks
Related Frameworks
NIST 800-531 mapping
AC-4
1.00
- DISA · V1R2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1711 mapping
3.1.3
1.00
- DISA · V1R2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-001368
1.00
- DISA · V1R2 · disa_xccdf · related
Details
Check Text (C-79679r1_chk)
Using an administrator account, log on to the default domain of the appliance.
Navigate to Network >> Management >> Web Management Service.
View the Local Address field; if the value is “0.0.0.0”, this is a finding.
Fix Text (F-71129r1_fix)
To configure the DataPower appliance for web management:
Using an administrator account, log on to the default domain of the appliance.
On the Configure Web Management Service screen, complete the required information.
Set the Administrative state to “enabled”.
For the Local Address, use the IP address from the management subnet assigned to the unit.