Lucene search
China National Vulnerability DatabaseCNVD-2022-83583HistoryAug 31, 2022 - 12:00 a.m.
IBM DataPower Gateway Cross-Site Request Forgery Vulnerability
2022-08-3100:00:00
China National Vulnerability Database
www.cnvd.org.cn
7
ibm datapower gateway
cross-site request forgery
vulnerability
spoofing
web application
dedicated gateway platform
integration platforms
api
soa
b2b
cloud workloads
sensitive operations
0.001 Low
EPSS
Percentile
29.7%
IBM DataPower Gateway is a set of security and integration platforms from IBM USA designed specifically for mobile, cloud, application programming interface (API), web, service-oriented architecture (SOA), B2B, and cloud workloads. The platform protects, integrates, and optimizes access across channels using a dedicated gateway platform.A cross-site request forgery vulnerability exists in IBM DataPower Gateway V10CD version, version 10.0.1, and version 2018.4.1, which stems from a WEB application that does not adequately validate that the request is from a trusted user. An attacker could use the vulnerability to spoof malicious requests to trick victims into clicking to perform sensitive operations.
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm datapower gateway | eq | 10.0.1 | |
| ibm datapower gateway | eq | 2018.4.1 |
Related
cve
cve
CVE-2022-31773
2022-08-26 18:15:08
nvd
nvd
CVE-2022-31773
2022-08-26 18:15:08
ibm
ibm
prion
prion
Cross site request forgery (csrf)
2022-08-26 18:15:00
cvelist
cvelist
CVE-2022-31773
2022-08-25 00:00:00