6 matches found
CVE-2022-40228
IBM DataPower Gateway 10.0.3.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.9, 2018.4.1.0 through 2018.4.1.22, and 10.5.0.0 through 10.5.0.2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 235527...
Security Bulletin: IBM DataPower Gateway does not invalidate active sessions on a password change (CVE-2022-40228)
Summary If a user password is changed, IBM DataPower Gateway does not immediately invalidate existing active sessions that were created with the old password. This means that a session created using a compromised password could continue to operate after the password has been changed until the...
CVE-2022-40228
creationtimestamp| type| source ---|---|--- 2022-11-22 22:13:12+00:00| seen| https://t.me/cibsecurity/53370 2025-04-25 20:07:57+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/13516...
CVE-2022-40228 IBM DataPower Gateway session fixation
IBM DataPower Gateway 10.0.3.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.9, 2018.4.1.0 through 2018.4.1.22, and 10.5.0.0 through 10.5.0.2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 235527...
CVE-2022-40228 IBM DataPower Gateway session fixation
IBM DataPower Gateway 10.0.3.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.9, 2018.4.1.0 through 2018.4.1.22, and 10.5.0.0 through 10.5.0.2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 235527...
CVE-2022-40228
CVE-2022-40228 affects IBM DataPower Gateway and is caused by not invalidating active sessions after a password change, which could allow an authenticated user to impersonate another user. Affected versions include 10.0.3.0–10.0.4.0, 10.0.1.0–10.0.1.9, 2018.4.1.0–2018.4.1.22, and 10.5.0.0–10.5.0....