Lucene search

K
ibmIBMD504296C469FF402F73637F620D6BEA70BC5D37426BFD10EC06DDF72B6870292
HistoryDec 16, 2022 - 9:16 p.m.

Security Bulletin: IBM DataPower Gateway vulnerable to network state information leakage (CVE-2021-20322, CVE-2021-45485, CVE-2021-45486)

2022-12-1621:16:31
www.ibm.com
17

0.001 Low

EPSS

Percentile

34.0%

Summary

IBM has addressed the CVEs

Vulnerability Details

CVEID:CVE-2021-45485
**DESCRIPTION:**Linux Kernel could allow a local attacker to obtain sensitive information, caused by improperly consider attacks from many IPv6 source addresses in net/ipv6/output_core.c in the IPv6 implementation. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/216133 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:CVE-2021-45486
**DESCRIPTION:**Linux Kernel could allow a local attacker to obtain sensitive information, caused by the use of small hash table in net/ipv4/route.c in the IPv4 implementation. By utilize cryptographic attack techniques, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/216134 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM DataPower Gateway 10.5.0 10.5.0.0 - 10.5.0.2

Remediation/Fixes

Affected Product Fixed in version APAR
IBM DataPower Gateway 10.5.0 10.5.0.3 IT42605

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm datapower gatewayeq10.5.0