Lucene search
K

419 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/02/04 8:57 p.m.16 views

Security Bulletin: IBM DataPower Gateway vulnerable to DoS (CVE-2024-25062)

Summary libxml2 is used in the DataPower Gateway's DB2 connector. Vulnerability Details CVEID:CVE-2024-25062 DESCRIPTION: An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing...

7.5CVSS7.7AI score0.01364EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.17 views

Security Bulletin: IBM DataPower Gateway vulnerable to Denial of Service (CVE-2024-25016)

Summary This vulnerability affects the MQ Client component of IBM Datapower Gateway . Vulnerability Details CVEID:CVE-2024-25016 DESCRIPTION: IBM MQ and IBM MQ Appliance 9.0, 9.1, 9.2, 9.3 LTS and 9.3 CD could allow a remote unauthenticated attacker to cause a denial of service due to incorrect...

7.5CVSS6.6AI score0.00849EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.30 views

Security Bulletin: IBM DataPower Gateway vulnerable to Denial of Service (CVE-2024-45296)

Summary pillarjs Path-to-RegExp is used by IBM DataPower Gateway as part of the DataPower UI CVE-2024-45296 Vulnerability Details CVEID:CVE-2024-45296 DESCRIPTION: pillarjs Path-to-RegExp is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw. By sending...

7.5CVSS6.5AI score0.00932EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.11 views

Security Bulletin: IBM DataPower Gateway vulnerable to DoS (CVE-2024-22365)

Summary This vulnerablility may affect database access, and DataPower Virtual Edition. Vulnerability Details CVEID:CVE-2024-22365 DESCRIPTION: Linux-pam is vulnerable to a denial of service, caused by a flaw in pamnamespace.so. By sending a specially crafted request, a local attacker could exploi...

5.5CVSS6.5AI score0.00459EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.25 views

Security Bulletin: Due to use of Node.js IBM DataPower Gateway vulnerable to denial of service (CVE-2024-45590)

Summary Node.js is used by IBM DataPower Gateway as part of the user interface. Vulnerability Details CVEID:CVE-2024-45590 DESCRIPTION: expressjs body-parser is vulnerable to a denial of service, caused by a flaw when url encoding is enabled. By sending a specially crafted payload, a remote...

7.5CVSS6.5AI score0.00824EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/12/12 3:1 p.m.25 views

Security Bulletin: IBM DataPower Gateway vulnerable to Denial of Service (CVE-2023-52881)

Summary This issue can affect TCP networking Vulnerability Details CVEID:CVE-2023-52881 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: tcp: do not accept ACK of bytes we never sent This patch is based on a detailed report and ideas from Yepeng Pan and Christian...

5.5CVSS6.5AI score0.00227EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/07 3:43 p.m.29 views

Security Bulletin: IBM DataPower Gateway vulnerable to DoS and privilege escalation

Summary These CVEs affect the operating system kernel. Vulnerability Details CVEID:CVE-2023-52340 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw in the ICMPv6 handling of "Packet Too Big". By sending a specially crafted IPV6...

9.8CVSS7.5AI score0.00978EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/04 2:52 p.m.22 views

Security Bulletin: IBM DataPower Gateway potentially vulnerable to RCE vulnerability

Summary IBM DataPower Gateway does not support the affected character-set. Out of an abundance of caution, IBM has applied the remediation for this CVE. Vulnerability Details CVEID:CVE-2024-2961 DESCRIPTION: GNU C Library could allow a remote attacker to execute arbitrary code on the system, caus...

7.3CVSS7.8AI score0.8833EPSS
Exploits16Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/17 9:36 p.m.26 views

Security Bulletin: IBM DataPower Gateway vulnerable to physical attacks and DoS.

Summary CVE-2023-1073, CVE-2023-1079, CVE-2023-4132 require physical access to the appliance with malicious USB device. CVE-2023-1206 can allow an attacker with a high bandwidth connection to consume excessive CPU resources. Vulnerability Details CVEID:CVE-2023-1073 DESCRIPTION: Linux Kernel coul...

6.8CVSS7.1AI score0.00553EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/06 3:43 p.m.53 views

Security Bulletin: IBM DataPower Gateway vulnerable to multiple kernel CVEs

Summary IBM DataPower Gateway has addressed multiple CVEs in 10.5.0.12 Vulnerability Details CVEID:CVE-2023-2162 DESCRIPTION: Linux Kernel could allow a local attacker to obtain sensitive information, caused by a use-after-free flaw in the iscsiswtcpsessioncreate function in drivers/scsi/iscsitcp...

7.5CVSS8.9AI score0.00544EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/03 2:18 p.m.54 views

Security Bulletin: IBM DataPower Gateway vulnerable to data truncation and DoS in Kerberos (CVE-2024-37370 & CVE-2024-37371)

Summary Kerberos is used by IBM DataPower Gateway as an optional authentication mechanism. Vulnerability Details CVEID:CVE-2024-37370 DESCRIPTION: MIT Kerberos 5 aka krb5 could allow a remote attacker to bypass security restrictions, caused by improper access control. By sending a specially craft...

9.1CVSS8.5AI score0.01863EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/03 2:18 p.m.34 views

Security Bulletin: IBM DataPower Gateway vulnerable to DoS due to Node.js micromatch module (CVE-2024-4067)

Summary IBM DataPower Gateway uses the micromatch module in its UI. Vulnerability Details CVEID:CVE-2024-4067 DESCRIPTION: Node.js micromatch module is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in micromatch.braces in index.js. By sending a...

5.3CVSS6.1AI score0.01429EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/03 11:18 a.m.33 views

Security Bulletin: IBM DataPower Gateway vulnerable to DoS due to Node.js Braces module (CVE-2024-4068)

Summary The Braces module is used by IBM DataPower Gateway in its UI Vulnerability Details CVEID:CVE-2024-4068 DESCRIPTION: Node.js braces module is vulnerable to a denial of service, caused by the failure to limit the number of characters it can handle. leading to a memory exhaustion in...

7.5CVSS7.3AI score0.01471EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/08 3:15 p.m.85 views

Security Bulletin: IBM DataPower Gateway vulnerable to XML Entity Expansion attack in Web UI (CVE-2022-31775)

Summary IBM has addressed the CVE Vulnerability Details CVEID:CVE-2022-31775 DESCRIPTION: IBM DataPower Gateway is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memo...

9.1CVSS7.3AI score0.0115EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/29 9:28 p.m.35 views

Security Bulletin: IBM DataPower Gateway Virtual Edition vulnerable to security bypass due to open-vm-tools (CVE-2023-20867)

Summary open-vm-tools provides an interface between IBM DataPower Gateway Virtual Edition and the hypervisor. This issue may permit a compromised hypervisor to perform unauthorized guest operations. Vulnerability Details CVEID:CVE-2023-20867 DESCRIPTION: VMware Tools could allow a local...

3.9CVSS4.6AI score0.13638EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/11 3:42 p.m.26 views

Security Bulletin: IBM DataPower Gateway Virtual Edition vulnerable to security bypass due to use of open-vm-tools (CVE-2023-20900)

Summary open-vm-tools provides an interface between IBM DataPower Gateway Virtual Edition and the hypervisor. This issue may permit hypervisor users to perform unauthorized guest operations. Vulnerability Details CVEID:CVE-2023-20900 DESCRIPTION: VMware Tools could allow a remote attacker to bypa...

7.5CVSS7AI score0.01193EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/10 2:58 p.m.59 views

Security Bulletin: IBM DataPower Gateway vulnerable to DoS (CVE-2021-33631)

Summary This CVE in the OS kernel can affect mounting file-systems Vulnerability Details CVEID:CVE-2021-33631 DESCRIPTION: openEuler is vulnerable to a denial of service, caused by an integer overflow. A local authenticated attacker could exploit this vulnerability to cause a denial of service...

7.8CVSS5.9AI score0.00371EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/09 3:27 p.m.29 views

Security Bulletin: IBM DataPower Gateway vulnerable to DoS due to use of nghttp2 (CVE-2024-28182)

Summary nghttp2 is used by IBM DataPower Gateway in its HTTP/2 implementation in the front-side handler and for outgoing connections Vulnerability Details CVEID:CVE-2024-28182 DESCRIPTION: nghttp2 is vulnerable to a denial of service, caused by a memory exhaustion flaw due to flood of CONTINUATIO...

5.3CVSS5.8AI score0.8496EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/09 3:27 p.m.26 views

Security Bulletin: IBM DataPower Gateway vulnerable to DoS due to OpenSSL (CVE-2024-2511)

Summary OpenSSL is used to provide TLS functionality within IBM DataPower Gateway Vulnerability Details CVEID:CVE-2024-2511 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by improper server configuration validation. By using a specially crafted server configuration, a remote...

5.9CVSS6AI score0.54026EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/09 2:38 p.m.22 views

Security Bulletin: IBM DataPower Gateway vulnerable to HTTP request smuggling in Node.js (CVE-2024-27982)

Summary Node.js is used by IBM DataPower Gateway in the Gateway Director and UI components. Vulnerability Details CVEID:CVE-2024-27982 DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by the use of content length obfuscation in the http server. By sending specially crafted HTT...

6.5CVSS5.7AI score0.01155EPSS
Exploits0Affected Software1
Rows per page
Query Builder