Lucene search
IBMF2D50548121A435B6F36857AB818D269DF8DAC30676D23FDEB4CA83D36771B38HistoryMar 09, 2022 - 7:10 p.m.
Security Bulletin: IBM DataPower Gateway permits reflected JSON injection (CVE-2021-38910)
2022-03-0919:10:25
www.ibm.com
50
0.001 Low
EPSS
Percentile
38.5%
Summary
IBM has addressed the CVE
Vulnerability Details
CVEID:CVE-2021-38910
**DESCRIPTION:**IBM DataPower Gateway could allow a remote attacker to bypass security restrictions, caused by the improper validation of input. By sending a specially crafted JSON message, an attacker could exploit this vulnerability to modify structure and fields.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/209824 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM DataPower Gateway V10CD | 10.0.2.0, 10.0.3.0 |
| IBM DataPower Gateway 10.0.1 | 10.0.1.0-10.0.1.5 |
| IBM DataPower Gateway 2108.4.1 | 2018.4.1.0-2108.4.1.18 |
Remediation/Fixes
| Affected Product(s) | Fixed in Version | APAR |
|---|---|---|
| IBM DataPower Gateway V10CD | 10.0.4.0 | IT39021 |
| IBM DataPower Gateway 10.0.1 | 10.0.1.6 | IT39021 |
| IBM DataPower Gateway 2108.4.1 | 2018.4.1.19 | IT39021 |
Workarounds and Mitigations
None
Related
prion
prion
Input validation
2022-03-10 20:15:00
cvelist
cvelist
CVE-2021-38910
2022-03-09 00:00:00
cve
cve
CVE-2021-38910
2022-03-10 20:15:08
ibm
ibm
nvd
nvd
CVE-2021-38910
2022-03-10 20:15:08
0.001 Low
EPSS
Percentile
38.5%
Related for F2D50548121A435B6F36857AB818D269DF8DAC30676D23FDEB4CA83D36771B38