Ibm

Datapower Gateway

38 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2022-40228

  • EPSS 0.05%
  • Veröffentlicht 22.11.2022 19:15:17
  • Zuletzt bearbeitet 21.11.2024 07:21:06

IBM DataPower Gateway 10.0.3.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.9, 2018.4.1.0 through 2018.4.1.22, and 10.5.0.0 through 10.5.0.2 does not invalidate session after a password change which could allow an authenticated user to impersonate an...

8.8

CVE-2022-31773

  • EPSS 0.09%
  • Veröffentlicht 26.08.2022 18:15:08
  • Zuletzt bearbeitet 21.11.2024 07:05:17

IBM DataPower Gateway V10CD, 10.0.1, and 2018.4.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 228357.

5.4

CVE-2022-32750

  • EPSS 0.15%
  • Veröffentlicht 01.08.2022 11:15:13
  • Zuletzt bearbeitet 21.11.2024 07:06:53

IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus alte...

8.8

CVE-2022-31776

  • EPSS 0.14%
  • Veröffentlicht 01.08.2022 11:15:13
  • Zuletzt bearbeitet 21.11.2024 07:05:17

IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from ...

9.1

CVE-2022-31775

  • EPSS 0.04%
  • Veröffentlicht 01.08.2022 11:15:13
  • Zuletzt bearbeitet 21.11.2024 07:05:17

IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vul...

5.4

CVE-2022-31774

  • EPSS 0.33%
  • Veröffentlicht 01.08.2022 11:15:13
  • Zuletzt bearbeitet 21.11.2024 07:05:17

IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus alte...

3.3

CVE-2022-22326

  • EPSS 0.05%
  • Veröffentlicht 01.08.2022 11:15:13
  • Zuletzt bearbeitet 21.11.2024 06:46:38

IBM Datapower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.5, and 2018.4.1.0 through 2018.4.1.18 could allow unauthorized viewing of logs and files due to insufficient authorization checks. IBM X-Force ID: 218856.

6.1

CVE-2021-38944

  • EPSS 0.21%
  • Veröffentlicht 18.05.2022 20:15:08
  • Zuletzt bearbeitet 21.11.2024 06:18:15

IBM DataPower Gateway 10.0.2.0 through 1.0.3.0, 10.0.1.0 through 10.0.1.5, and 2018.4.1.0 through 2018.4.1.18 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct ...

7.5

CVE-2021-38872

  • EPSS 0.45%
  • Veröffentlicht 17.05.2022 17:15:07
  • Zuletzt bearbeitet 21.11.2024 06:18:07

IBM DataPower Gateway 10.0.2.0, 10.0.3.0, 10.0.1.0 through 10.0.1.4, and 2018.4.1.0 through 2018.4.1.17 could allow a remote user to cause a denial of service by consuming resources with multiple requests. IBM X-Force ID: 208348.

7.5

CVE-2020-4994

  • EPSS 0.58%
  • Veröffentlicht 17.05.2022 17:15:07
  • Zuletzt bearbeitet 21.11.2024 05:33:31

IBM DataPower Gateway 10.0.1.0 through 10.0.1.4 and 2018.4.1.0 through 2018.4.1.17 could allow a remote user to cause a temporary denial of service by sending invalid HTTP requests. IBM X-Force ID: 192906.