Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM9808D4F44F4E9E5487C93021F8FB8175BA963F3841FACC01781A734E78FFF063
HistoryJul 05, 2024 - 3:16 p.m.

Security Bulletin: IBM Datapower Operations Dashboard could allow unintended headers to MIME messages CVE-2024-21742

2024-07-0515:16:50
www.ibm.com
7
ibm
datapower
operations dashboard
cve-2024-21742
fix
mime messages
vulnerability

AI Score

6.5

Confidence

High

JSON

Summary

Apache James Mime4J is used by the IBM Datapower Operations Dashboard stream parsing implementation.

Vulnerability Details

CVEID:CVE-2024-21742
**DESCRIPTION:**Apache James Mime4J could allow a remote attacker to bypass security restrictions, caused by improper input validation. By sending a specially crafted request, an attacker could exploit this vulnerability to add unintended headers to MIME messages.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/284251 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
DataPower Operations Dashboard

1.0.20.1, 1.0.20.2

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now by upgrading to version 1.0.21.0

https://www.ibm.com/support/fixcentral/swg/selectFixes?fixids=DPOD-1.0.21.0&product=ibm%2FWebSphere%2FWebSphere%20DataPower%20SOA%20Appliances&source=dbluesearch&mhsrc=ibmsearch_a&mhq=dpod&function=fixId&parent=ibm/WebSphere

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmdatapower_gatewayMatch1.0
VendorProductVersionCPE
ibmdatapower_gateway1.0cpe:2.3:a:ibm:datapower_gateway:1.0:*:*:*:*:*:*:*

Related

osv 6
github 1
wolfi 1
veracode 1
debiancve 1
cvelist 1
prion 1
ubuntucve 1
vulnrichment 1
cve 1
nvd 1
cgr 1
redhatcve 1
nessus 1
ibm 3
oracle 1
osv
osv
CGA-x2mp-f2qg-g22x
2024-06-06 12:26:32
CGA-49jv-2gch-w8m7
2024-06-06 12:22:29
Apache James MIME4J improper input validation vulnerability
2024-02-27 18:31:02
github
github
Apache James MIME4J improper input validation vulnerability
2024-02-27 18:31:02
wolfi
wolfi
CVE-2024-21742 vulnerabilities
2024-09-19 09:11:50
veracode
veracode
Header Injection
2024-02-28 08:31:33
debiancve
debiancve
CVE-2024-21742
2024-02-27 17:15:12
cvelist
cvelist
CVE-2024-21742 Apache James Mime4J: Mime4J DOM header injection
2024-02-27 16:21:16
prion
prion
Input validation
2024-02-27 17:15:00
ubuntucve
ubuntucve
CVE-2024-21742
2024-02-27 00:00:00
vulnrichment
vulnrichment
CVE-2024-21742 Apache James Mime4J: Mime4J DOM header injection
2024-02-27 16:21:16
cve
cve
CVE-2024-21742
2024-02-27 17:15:12
nvd
nvd
CVE-2024-21742
2024-02-27 17:15:12
cgr
cgr
CVE-2024-21742 vulnerabilities
2024-05-19 03:07:16
redhatcve
redhatcve
CVE-2024-21742
2024-02-28 16:05:39
nessus
nessus
Oracle Primavera Unifier (Jul 2024 CPU)
2024-07-18 00:00:00
ibm
ibm
Security Bulletin: Apache James and Bouncy Castle vulnerabilities in Apache Solr and Logstash shipped with IBM Operations Analytics - Log Analysis (CVE-2023-33202,CVE-2024-21742,CVE-2024-29857,CVE-2024-30172,CVE-2024-34447)
2024-09-04 14:41:14
Security Bulletin: IBM Operational Decision Manager for May 2024 - Multiple CVEs addressed
2024-06-14 09:53:58
Security Bulletin: IBM i Modernization Engine for Lifecycle Integration is vulnerable to multiple vulnerabilities
2024-05-16 20:23:15
oracle
oracle
Oracle Critical Patch Update Advisory - July 2024
2024-07-16 00:00:00

AI Score

6.5

Confidence

High

JSON
Related for 9808D4F44F4E9E5487C93021F8FB8175BA963F3841FACC01781A734E78FFF063
osv6github1wolfi1veracode1debiancve1cvelist1prion1ubuntucve1vulnrichment1cve1nvd1cgr1redhatcve1nessus1ibm3oracle1