EUVD-2021-25381

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

IBM DataPower Gateway vulnerable to HTTP header injection due to improper HOST header validation.

Reporter	Title	Published	Views	Family All 8
IBM Security Bulletins	Security Bulletin: IBM DataPower Gateway vulnerable to HTTP header injection	17 May 202214:02	–	ibm
Circl	CVE-2021-38944	19 May 202200:28	–	circl
CNNVD	IBM DataPower Gateway 跨站脚本漏洞	18 May 202200:00	–	cnnvd
CNVD	Unspecified Vulnerability in IBM DataPower Gateway (CNVD-2022-41642)	19 May 202200:00	–	cnvd
CVE	CVE-2021-38944	18 May 202219:30	–	cve
Cvelist	CVE-2021-38944	18 May 202219:30	–	cvelist
NVD	CVE-2021-38944	18 May 202220:15	–	nvd
Prion	Cross site scripting	18 May 202220:15	–	prion

[
  {
    "enisaIdVendor": [
      {
        "id": "c6da19ee-3a43-3840-bc38-d15ba2332fc2",
        "vendor": {
          "name": "IBM"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "1fc9ffba-c123-3074-91ff-79ae61476773",
        "product": {
          "name": "DataPower Gateway"
        },
        "product_version": "10.0.1.0"
      },
      {
        "id": "2e7c070c-f088-3071-9204-477e70557274",
        "product": {
          "name": "DataPower Gateway"
        },
        "product_version": "10.0.3.0"
      },
      {
        "id": "59c2881f-4815-3e8a-bfb9-547286c50daf",
        "product": {
          "name": "DataPower Gateway"
        },
        "product_version": "2018.4.1.18"
      },
      {
        "id": "6cc7220d-b698-36af-926c-66aca9ca3656",
        "product": {
          "name": "DataPower Gateway"
        },
        "product_version": "10.0.1.5"
      },
      {
        "id": "82e55049-072a-3396-a674-04c981e2c7a7",
        "product": {
          "name": "DataPower Gateway"
        },
        "product_version": "2018.4.1.0"
      },
      {
        "id": "dcf623e2-be8a-31b5-9cff-b17485ee38d6",
        "product": {
          "name": "DataPower Gateway"
        },
        "product_version": "10.0.2.0"
      }
    ]
  }
]

Source	Link
ibm	www.ibm.com/support/pages/node/6587070
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/211236
github	www.github.com/advisories/GHSA-293c-r3p4-g63r

07 Oct 2025 00:30Current

5.2Medium risk

Vulners AI Score5.2

CVSS 34.8

CVSS 24.3

CVSS 3.16.1

EPSS0.00157