Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 11:27 p.m.14 views

CVE-2022-40228

IBM DataPower Gateway 10.0.3.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.9, 2018.4.1.0 through 2018.4.1.22, and 10.5.0.0 through 10.5.0.2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 235527...

5.4CVSS6.4AI score0.00315EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 2:42 a.m.46 views

Security Bulletin: IBM DataPower Gateway does not invalidate active sessions on a password change (CVE-2022-40228)

Summary If a user password is changed, IBM DataPower Gateway does not immediately invalidate existing active sessions that were created with the old password. This means that a session created using a compromised password could continue to operate after the password has been changed until the...

5.4CVSS5.2AI score0.00315EPSS
Exploits0Affected Software4
Circl
Circl
added 2022/11/22 10:13 p.m.7 views

CVE-2022-40228

creationtimestamp| type| source ---|---|--- 2022-11-22 22:13:12+00:00| seen| https://t.me/cibsecurity/53370 2025-04-25 20:07:57+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/13516...

5.4CVSS5.5AI score0.00315EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/11/22 6:52 p.m.30 views

CVE-2022-40228 IBM DataPower Gateway session fixation

IBM DataPower Gateway 10.0.3.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.9, 2018.4.1.0 through 2018.4.1.22, and 10.5.0.0 through 10.5.0.2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 235527...

3.7CVSS5.5AI score0.00315EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/11/22 6:52 p.m.9 views

CVE-2022-40228 IBM DataPower Gateway session fixation

IBM DataPower Gateway 10.0.3.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.9, 2018.4.1.0 through 2018.4.1.22, and 10.5.0.0 through 10.5.0.2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 235527...

3.7CVSS6.4AI score0.00315EPSS
Exploits0References2
CVE
CVE
added 2022/11/22 6:52 p.m.74 views

CVE-2022-40228

CVE-2022-40228 affects IBM DataPower Gateway and is caused by not invalidating active sessions after a password change, which could allow an authenticated user to impersonate another user. Affected versions include 10.0.3.0–10.0.4.0, 10.0.1.0–10.0.1.9, 2018.4.1.0–2018.4.1.22, and 10.5.0.0–10.5.0....

5.4CVSS4.7AI score0.00315EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder