Ibm

Datapower Gateway

38 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2021-38910

  • EPSS 0.25%
  • Veröffentlicht 10.03.2022 20:15:08
  • Zuletzt bearbeitet 21.11.2024 06:18:11

IBM DataPower Gateway V10CD, 10.0.1, and 2108.4.1 could allow a remote attacker to bypass security restrictions, caused by the improper validation of input. By sending a specially crafted JSON message, an attacker could exploit this vulnerability to ...

6.5

CVE-2020-4992

  • EPSS 0.1%
  • Veröffentlicht 17.08.2021 14:15:07
  • Zuletzt bearbeitet 21.11.2024 05:33:31

IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.16 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 192737.

5.3

CVE-2020-5008

  • EPSS 0.15%
  • Veröffentlicht 07.06.2021 14:15:07
  • Zuletzt bearbeitet 21.11.2024 05:33:32

IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.14 stores sensitive information in GET request parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referr...

7.5

CVE-2020-4831

  • EPSS 0.11%
  • Veröffentlicht 12.03.2021 17:15:12
  • Zuletzt bearbeitet 21.11.2024 05:33:17

IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 189965.

6.7

CVE-2020-5014

  • EPSS 1.25%
  • Veröffentlicht 08.03.2021 18:15:13
  • Zuletzt bearbeitet 21.11.2024 05:33:32

IBM DataPower Gateway V10 and V2018 could allow a local attacker with administrative privileges to execute arbitrary code on the system using a server-side requesr forgery attack. IBM X-Force ID: 193247.

5.5

CVE-2020-4528

  • EPSS 0.05%
  • Veröffentlicht 06.10.2020 16:15:13
  • Zuletzt bearbeitet 21.11.2024 05:32:51

IBM MQ Appliance (IBM DataPower Gateway 10.0.0.0 and 2018.4.1.0 through 2018.4.1.12) could allow a local user, under special conditions, to obtain highly sensitive information from log files. IBM X-Force ID: 182658.

7.5

CVE-2020-4579

  • EPSS 1.61%
  • Veröffentlicht 21.09.2020 15:15:12
  • Zuletzt bearbeitet 21.11.2024 05:32:56

IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a specially crafted HTTP/2 request with invalid characters. IBM X-Force ID: 184438.

7.5

CVE-2020-4581

  • EPSS 0.73%
  • Veröffentlicht 21.09.2020 15:15:12
  • Zuletzt bearbeitet 21.11.2024 05:32:56

IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a chunked transfer-encoding HTTP/2 request. IBM X-Force ID: 184441.

7.5

CVE-2020-4580

  • EPSS 0.73%
  • Veröffentlicht 21.09.2020 15:15:12
  • Zuletzt bearbeitet 21.11.2024 05:32:56

IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a specially crafted a JSON request with invalid characters. IBM X-Force ID: 184439.

6.5

CVE-2020-4205

  • EPSS 0.08%
  • Veröffentlicht 19.03.2020 14:15:12
  • Zuletzt bearbeitet 21.11.2024 05:32:23

IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 could allow an authenticated user to bypass security restrictions, and continue to access the server even after authentication certificates have been revolked. IBM X-Force ID: 174961.