Security Bulletin: Vulnerabilities in XML processing affect IBM DataPower Gateways

Summary IBM DataPower Gateways has addressed vulnerabilities in processing certain XML files that could cause a denial of service or obtain sensitive information. Vulnerability Details CVEID: CVE-2016-4448 DESCRIPTION: libxml2 could allow a remote attacker to execute arbitrary code on the system,...

Security Bulletin: GNU C library (glibc) vulnerability affects IBM DataPower Gateways (CVE-2015-7547)

Summary A GNU C library glibc stack-based buffer overflow in getaddrinfo vulnerability affects IBM DataPower Gateways. Vulnerability Details CVEID: CVE-2015-7547 DESCRIPTION: GNU C Library glibc is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the nssdns backe...

Security Bulletin: A vulnerability in XML processing affects IBM DataPower Gateways (CVE-2015-1819)

Summary IBM DataPower Gateways has addressed a vulnerability in parsing certain XML files that could cause a denial of service. Vulnerability Details CVEID: CVE-2015-1819 DESCRIPTION: Libxml is vulnerable to a denial of service, caused by an XML External Entity Injection XXE error in the xmlreade...

Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM DataPower Gateways (CVE-2015-7575)

Summary The MD5 “SLOTH” vulnerability on TLS 1.2 affects IBM DataPower Gateways. Vulnerability Details CVEID: CVE-2015-7575 DESCRIPTION: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message...

Security Bulletin: A vulnerability in the GSKit component of IBM DataPower Gateways (CVE-2016-0201)

Summary IBM DataPower Gateways uses GSKit in certain modules - namely MQ, ISAM/TAM, JMS. A vulnerability has been addressed in the GSKit component of IBM DataPower Gateways. Vulnerability Details CVEID: CVE-2016-0201 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive...

Security Bulletin: Vulnerabilities in SSL affect IBM DataPower Gateways (CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1792)

Summary SSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. IBM DataPower Gateways has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2015-1788 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters...

Security Bulletin: Vulnerabilities in unzip affect IBM DataPower Gateways (CVE-2014-8141)

Summary IBM DataPower Gateways has addressed a vulnerability in 'unzip utility' that it uses to list, test, or extract files from a zip archive. Vulnerability Details CVEID: CVE-2014-8141 DESCRIPTION: Info-ZIP UnZip is vulnerable to a buffer overflow, caused by improper bounds checking by the...

Security Bulletin: Padding Oracle Protection in IBM DataPower Gateways GatewayScript modules (CVE-2015-7412)

Summary IBM DataPower Gateways has addressed a Padding Oracle Protection vulnerability in GatewayScript decryption. Vulnerability Details CVEID: CVE-2015-7412 DESCRIPTION: IBM DataPower Gateways GatewayScript modules may be vulnerable to Padding Oracle attacks in some scenarios, which could allow...

IBM DataPower Gateways Man-in-the-Middle Attack Vulnerability

IBM DataPower Gateways is a suite of security and integration platforms from IBM USA designed specifically for mobile, cloud, application programming interfaces APIs, web, service-oriented architecture SOA, B2B, and cloud workloads that protects, integrates, and optimizes access across channels...

Code injection

IBM DataPower Gateways 7.1, 7,2, 7.5, and 7.6 could allow an attacker using man-in-the-middle techniques to spoof DNS responses to perform DNS cache poisoning and redirect Internet traffic. IBM X-Force ID: 136817...

CVE-2017-1773

IBM DataPower Gateways 7.1, 7,2, 7.5, and 7.6 could allow an attacker using man-in-the-middle techniques to spoof DNS responses to perform DNS cache poisoning and redirect Internet traffic. IBM X-Force ID: 136817...

CVE-2017-1773

CVE-2017-1773 affects IBM DataPower Gateway: DNS spoofing via MITM in DataPower DNS queries. Affected versions include 7.1.0.0–7.1.0.20, 7.2.0.0–7.2.0.17, 7.5.0.0–7.5.0.11, 7.5.1.0–7.5.1.10, 7.5.2.0–7.5.2.10, and 7.6.0.0–7.6.0.3. Remediation is available in newer releases: 7.1.0.21, 7.2.0.18, 7.5...

CVE-2017-1773

IBM DataPower Gateways 7.1, 7,2, 7.5, and 7.6 could allow an attacker using man-in-the-middle techniques to spoof DNS responses to perform DNS cache poisoning and redirect Internet traffic. IBM X-Force ID: 136817...

IBM DataPower Gateways GatewayScript Module Information Disclosure Vulnerability

IBM DataPower Gateways is a suite of security and integration platforms from IBM USA designed specifically for mobile, cloud, application programming interfaces APIs, web, service-oriented architecture SOA, B2B, and cloud workloads, which protects, integrates, and optimizes access across channels...