Lucene search
K

416 matches found

CNNVD
CNNVD
added 2026/04/01 12:0 a.m.8 views

IBM DataPower Gateway 安全漏洞

IBM DataPower Gateway is a suite of International Business Machines IBM security and integration platforms designed specifically for mobile, cloud, application programming interfaces APIs, web, service-oriented architecture SOA, B2B and cloud workloads. The platform protects, integrates and...

6.8CVSS5.8AI score0.00252EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/31 2:32 p.m.3 views

Security Bulletin: IBM DataPower Gateway vulnerable to Denial of Service due to qs (CVE-2025-15284)

Summary The qs package is used in the Gateway Director and UI components. Vulnerability Details CVEID:CVE-2025-15284 DESCRIPTION: Improper Input Validation vulnerability in qs parse modules allows HTTP DoS.This issue affects qs: 6.14.1. Summary The arrayLimit option in qs did not enforce limits f...

6.3CVSS5.8AI score0.0041EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/30 11:1 p.m.3 views

Security Bulletin: Incorrect administrative access control in IBM DataPower Gateway

Summary This issue allowed valid administrative users to see services within domains to which they should have had no access. Vulnerability Details CVEID:CVE-2025-36373 DESCRIPTION: IBM DataPower Gateway could disclose sensitive system information from other domains to an administrative user...

6.8CVSS5.8AI score0.00252EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/30 3:21 p.m.6 views

Security Bulletin: IBM DataPower Gateway vulnerable to CSRF

Summary IBM DataPower Gateway is affected by a cross-site request forgery vulnerability Vulnerability Details CVEID:CVE-2025-36375 DESCRIPTION: IBM DataPower Gateway is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted...

8.8CVSS5.9AI score0.00167EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/30 3:20 p.m.6 views

Security Bulletin: IBM DataPower Gateway vulnerable to Denial of Service due to body-parser

Summary The affected package is used in the UI Vulnerability Details CVEID:CVE-2025-13466 DESCRIPTION: body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies with very large numbers of parameters. An attacker can send payloads containing thousands o...

6.9CVSS5.9AI score0.00342EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/27 5:55 p.m.11 views

Security Bulletin: IBM DataPower Gateway vulnerable to Denial of Service

Summary Processing a malformed PKCS12 file can cause an appliance reload. Vulnerability Details CVEID:CVE-2026-22795 DESCRIPTION: Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS12 file. Impact summary: An application processing a...

5.5CVSS5.8AI score0.00144EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/27 5:53 p.m.6 views

Security Bulletin: IBM dataPower Gateway affected by prototype pollution vulnerability in Lodash

Summary The affected package is used in the UI and API Gateway Director components Vulnerability Details CVEID:CVE-2025-13465 DESCRIPTION: Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the .unset and .omit functions. An attacker can pass crafted paths which cause...

8.2CVSS5.9AI score0.01535EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/22 2:10 p.m.11 views

Security Bulletin: IBM DataPower Gateway potentially vulnerable to library path manipulation

Summary GNU C is used by IBM DataPower Gateway as part of the Supervisor component. Vulnerability Details CVEID:CVE-2025-4802 DESCRIPTION: Untrusted LDLIBRARYPATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared...

7.8CVSS7.3AI score0.00422EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/15 12:53 p.m.4 views

Security Bulletin: IBM DataPower Gateway affected by vulnerabilities in Java Runtime Environment

Summary While IBM DataPower Gateway does not use Java, some bundled components do, and the JRE has been updated proactively to address this CVE-2025-53057, CVE-2025-53066 Vulnerability Details CVEID:CVE-2025-53057 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security...

7.5CVSS6.8AI score0.00633EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/12 9:4 p.m.6 views

Security Bulletin: IBM DataPower Gateway vulnerable to a denial of service due to Jansson

Summary IBM DataPower Gateway uses Jansson as part of the On Demand Router ODR component Vulnerability Details CVEID:CVE-2013-6401 DESCRIPTION: Jansson, possibly 2.4 and earlier, does not restrict the ability to trigger hash collisions predictably, which allows context-dependent attackers to caus...

5CVSS6.4AI score0.01969EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/04 1:28 p.m.10 views

Security Bulletin: IBM DataPower Gateway vulnerable to a denial of service due to C-Ares

Summary C-Ares is used in IBM DataPower Gateway's DNS resolver Vulnerability Details CVEID:CVE-2025-31498 DESCRIPTION: c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in readanswers when processanswer may re-enqueue a query either due to a DNS...

8.3CVSS6.5AI score0.00555EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/30 2:10 p.m.7 views

Security Bulletin: IBM DataPower Gateway vulnerable to data corruption due to LZ4 (CVE-2019-17543)

Summary LZ4 is used in multiple components of IBM DataPower Gateway Vulnerability Details CVEID:CVE-2019-17543 DESCRIPTION: LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4write32 related to LZ4compressdestSize, affecting applications that call LZ4compressfast with a large input. This iss...

8.1CVSS7AI score0.09116EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/30 2:8 p.m.7 views

Security Bulletin: IBM DataPower vulnerable to a Denial of Service due to Axios (CVE-2025-58754)

Summary Axios is used in the UI of IBM DataPower and in the gateway director component. Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a URL with...

7.5CVSS6.5AI score0.01099EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/23 8:59 p.m.10 views

Security Bulletin: Multiple vulnerabilities in IBM DataPower Gateway (OS kernel)

Summary Multiple vulnerabilities were addressed in IBM DataPower Gateway version 10.5.0.19 and 10.6.0.7 Vulnerability Details CVEID:CVE-2024-50154 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: tcp/dccp: Don't use timerpending in reqskqueueunlink. Martin KaFai La...

7.8CVSS5.1AI score0.00241EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/23 8:57 p.m.4 views

Security Bulletin: IBM DataPower Gateway affected by vulnerabilities in Java runtime

Summary Java Runtime is bundled with IBM DataPower Gateway, and used by some bundled components. CVE-2025-50059, CVE-2025-30754 Vulnerability Details CVEID:CVE-2025-50059 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle...

8.6CVSS5.9AI score0.00501EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/23 8:56 p.m.7 views

Security Bulletin: Due to the use of Redis, IBM DataPower Gateway is vulnerable to a denial of service

Summary Redis is used in the API Gateway component, and for load balancing. CVE-2025-32023, CVE-2025-48367 Vulnerability Details CVEID:CVE-2025-32023 DESCRIPTION: Redis is an open source, in-memory database that persists on disk. From 2.8 to before 8.0.3, 7.4.5, 7.2.10, and 6.2.19, an authenticat...

7.8CVSS7.9AI score0.03877EPSS
Exploits4Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2018-12243

Malware in sbrugna...

7.8CVSS6.9AI score0.00379EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2018-12244

Malware in sbrugna...

7.5CVSS6.7AI score0.00966EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-26239

Malware in sbrugna...

6.5CVSS4.9AI score0.004EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-25381

Malware in sbrugna...

6.1CVSS5.2AI score0.00536EPSS
Exploits0References3
Rows per page
Query Builder