Lucene search
K

417 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2018/09/25 2:5 p.m.22 views

Security Bulletin: IBM DataPower Gateways is affected by an XXE vulnerability (CVE-2018-1669)

Summary IBM DataPower Gateways has addressed the following vulnerability: CVE-2018-1669 Vulnerability Details CVEID: CVE-2018-1669 DESCRIPTION: IBM DataPower Gateways is vulnerable to a XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this...

7.1CVSS1.2AI score0.01853EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/09/25 2:5 p.m.22 views

Security Bulletin: IBM DataPower Gateways management interface is affected by a vulnerability (CVE-2018-1664)

Summary IBM DataPower Gateways has addressed the following vulnerability: CVE-2018-1664 Vulnerability Details CVEID: CVE-2018-1664 DESCRIPTION: IBM DataPower Gateways echoing of AMP management interface authorization headers exposes login credentials in browser cache. CVSS Base Score: 6.2 CVSS...

7.8CVSS1.2AI score0.00379EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/09/20 1:15 p.m.32 views

Security Bulletin: IBM DataPower Gateways is affected by a Denial of Service vulnerability (CVE-2018-7167)

Summary IBM DataPower Gateways has addressed the following vulnerability: CVE-2018-7167 Vulnerability Details CVEID: CVE-2018-7167 DESCRIPTION: Node.js is vulnerable to a denial of service. By invoking Buffer.fill or Buffer.alloc , a remote attacker could exploit this vulnerability to cause the...

7.5CVSS1.2AI score0.07214EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/09/07 2:47 p.m.30 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect DataPower Gateways

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 7, 7R1 and 8 used by IBM DataPower Gateway. IBM DataPower Gateway has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2018-2783 DESCRIPTION: An unspecified vulnerability related to the Java SE...

7.4CVSS1.1AI score0.15141EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/09/07 2:46 p.m.25 views

Security Bulletin: WebSphere DataPower Appliances is affected by a Denial of Service vulnerability (CVE-2018-0739)

Summary WebSphere DataPower Appliances has addressed the following vulnerability: CVE-2018-0739 Vulnerability Details CVEID: CVE-2018-0739 DESCRIPTION: OpenSSL is vulnerable to a denial of service. By sending specially crafted ASN.1 data with a recursive definition, a remote attacker could exploi...

6.5CVSS1.8AI score0.19295EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/09/07 2:46 p.m.35 views

Security Bulletin: WebSphere DataPower Appliances is affected by a Denial of Service vulnerability (CVE-2018-0732)

Summary WebSphere DataPower Appliances has addressed the following vulnerability: CVE-2018-0732 Vulnerability Details CVEID: CVE-2018-0732 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the sending of a very large prime value to the client by a malicious server during key...

7.5CVSS1.5AI score0.49268EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/09/07 2:44 p.m.55 views

Security Bulletin: WebSphere DataPower Appliances is affected by a vulnerability in OpenSSL (CVE-2018-0737)

Summary WebSphere DataPower Appliances has addressed the following vulnerability: CVE-2018-0737 Vulnerability Details CVEID: CVE-2018-0737 DESCRIPTION: OpenSSL could allow a local attacker to obtain sensitive information, caused by a cache-timing side channel attack in the RSA Key generation...

5.9CVSS2.2AI score0.12046EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:8 a.m.22 views

Security Bulletin: Reuse of Source Port in DataPower DNS queries (CVE-2017-1773)

Summary IBM DataPower Gateway may re-use the source port in DNS lookups. IBM has addressed the applicable CVE Vulnerability Details Relevant CVE Information: CVEID: CVE-2017-1773 DESCRIPTION: IBM WebSphere DataPower Appliances could allow an attacker using man-in-the-middle techniques to spoof DN...

4.3CVSS5.3AI score0.00331EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:7 a.m.87 views

Security Bulletin: A vulnerability in OpenSSL affects IBM DataPower Gateways (CVE-2016-2183)

Summary A vulnerability in the SSL/TLS protocol affects the ISAM Access Manager client and JMS. IBM DataPower Gateways has fully addressed the applicable CVE in version 7.5.2, and in earlier releases it was addressed with a combination of a code fix and a workaround. Vulnerability Details CVEID:...

7.5CVSS0.9AI score0.95707EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:2 a.m.48 views

Security Bulletin: GNU C library (glibc) vulnerability affects IBM DataPower Gateway appliances (CVE-2015-0235)

Summary GNU C library glibc vulnerability that has been referred to as GHOST affects IBM DataPower Gateway appliances. Vulnerability Details CVEID:CVE-2015-0235 DESCRIPTION: The gethostbyname functions of the GNU C Library glibc are vulnerable to a buffer overflow. By sending a specially crafted,...

10CVSS8AI score0.94859EPSS
Exploits29Affected Software1
Tenable Nessus
Tenable Nessus
added 2017/02/06 12:0 a.m.16 views

IBM DataPower Gateway Detection

Binary data ibmdatapowergatewaydetect.nbin...

7.3AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2017/02/06 12:0 a.m.115 views

IBM DataPower Gateway < 7.5.2.2 Default Admin Password Security Bypass

According to its self-reported version, the IBM DataPower Gateway running on the remote host is prior to 7.5.2.2. It is, therefore, affected by a security bypass vulnerability due to the default password still being accepted as valid if the administrator logs in before the startup configuration i...

5.7AI score
Exploits0References1
CNVD
CNVD
added 2015/11/17 12:0 a.m.2 views

IBM DataPower Gateway Cookies Session Missing Security Attributes Vulnerability

IBM DataPower Gateway is a suite of security and integration platforms from IBM USA designed specifically for mobile, cloud, application programming interfaces APIs, web, service-oriented architecture SOA, B2B, and cloud workloads that protects, integrates, and optimizes access across channels...

5CVSS6.8AI score0.01196EPSS
Exploits0References1
NVD
NVD
added 2015/11/14 3:59 a.m.25 views

CVE-2015-7427

IBM DataPower Gateway appliances with firmware 6.x before 6.0.0.17, 6.0.1.x before 6.0.1.17, 7.x before 7.0.0.10, 7.1.0.x before 7.1.0.7, and 7.2.x before 7.2.0.1 do not set the secure flag for unspecified cookies in an https session, which makes it easier for remote attackers to capture these...

5CVSS6.5AI score0.01196EPSS
Exploits0References2
Prion
Prion
added 2015/11/14 3:59 a.m.15 views

Session fixation

IBM DataPower Gateway appliances with firmware 6.x before 6.0.0.17, 6.0.1.x before 6.0.1.17, 7.x before 7.0.0.10, 7.1.0.x before 7.1.0.7, and 7.2.x before 7.2.0.1 do not set the secure flag for unspecified cookies in an https session, which makes it easier for remote attackers to capture these...

5CVSS7AI score0.01196EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2015/11/14 2:0 a.m.25 views

CVE-2015-7427

IBM DataPower Gateway appliances with firmware 6.x before 6.0.0.17, 6.0.1.x before 6.0.1.17, 7.x before 7.0.0.10, 7.1.0.x before 7.1.0.7, and 7.2.x before 7.2.0.1 do not set the secure flag for unspecified cookies in an https session, which makes it easier for remote attackers to capture these...

6.5AI score0.01196EPSS
Exploits0References2
CVE
CVE
added 2015/11/14 2:0 a.m.58 views

CVE-2015-7427

IBM DataPower Gateway appliances are affected by CVE-2015-7427 due to missing Secure attribute on cookies when using HTTPS, allowing potential interception of cookies. Affected versions include 6.x up to 6.0.0.16/6.0.1.12, 7.x up to 7.0.0.9, 7.1.0.6, and 7.2.0.0. Remediation: upgrade to fixed rel...

5CVSS6.7AI score0.01196EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder