China National Vulnerability Database (cnvd): CNVD-2022-56971
Aug 04, 2022 - 12:00 a.m.

IBM DataPower Gateway Server-Side Request Forgery Vulnerability (CNVD-2022-56971)

2022-08-04 00:00:00
China National Vulnerability Database
www.cnvd.org.cn

CVSS3: 8.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

IBM DataPower Gateway is a set of security and integration platforms from IBM USA designed specifically for mobile, cloud, application programming interface (API), web, service-oriented architecture (SOA), B2B and cloud workloads. The platform protects, integrates and optimizes access across channels using a dedicated gateway platform.

IBM DataPower Gateway contains a server-side request forgery (SSRF) vulnerability that stems from the product's failure to properly validate user input. An authenticated attacker could exploit it to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
