Lucene search
IBM00D598D058656EC1761937AE0E903834D2FE67F74E3DC569C2DC2618AFF43DCEHistoryAug 16, 2021 - 3:35 p.m.
Security Bulletin: IBM DataPower Gateway potentially vulnerable to CSRF attack
2021-08-1615:35:33
www.ibm.com
10
0.001 Low
EPSS
Percentile
20.6%
Summary
IBM has addressed the applicable CVE
Vulnerability Details
CVEID:CVE-2020-4992
**DESCRIPTION:**IBM DataPower Gateway is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/192737 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM DataPower Gateway | 2018.4.1.0-2018.4.1.16 |
Remediation/Fixes
Affected Product
| Fixed in Version
| APAR
—|—|—
IBM DataPower Gateway 2018.4.1
| 2018.4.1.17
| IT36715
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm datapower gateway | eq | 2018.4.1 |
Related
nvd
nvd
CVE-2020-4992
2021-08-17 14:15:07
cnvd
cnvd
IBM DataPower Gateway Code Injection Vulnerability
2021-08-18 00:00:00
cvelist
cvelist
CVE-2020-4992
2021-08-16 00:00:00
cve
cve
CVE-2020-4992
2021-08-17 14:15:07
prion
prion
Cross site request forgery (csrf)
2021-08-17 14:15:00
0.001 Low
EPSS
Percentile
20.6%
Related for 00D598D058656EC1761937AE0E903834D2FE67F74E3DC569C2DC2618AFF43DCE