Security Bulletin: IBM Datapower Operations Dashboard could allow HTTP Parameter Pollution CVE-2025-7783

Summary form-data is used by the IBM Datapower Operations Dashboard for their streaming implementation Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated with...

Security Bulletin: IBM Datapower Operations Dashboard could allocate unbounded memory and crash (DoS) CVE-2025-58754

Summary Axios is used by the IBM Datapower Operations Dashboard for their HTTP Client for node.js and the browser Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios starting in version 0.28.0 and prior to versions...

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to a StackOverflowError CVE-2025-48924

Summary Apache Commons is used by the IBM Datapower Operations Dashboard in their Java components utility operations Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with...

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to a denial of service CVE-2023-34109

Summary zxcvbn is used by the IBM Datapower Operations Dashboard to improve password security Vulnerability Details CVEID:CVE-2023-34109 DESCRIPTION: zxcvbn-ts is an open source password strength estimator written in typescript. This vulnerability affects users running on the nodeJS platform whic...

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to improper resource shutdown or release CVE-2025-61795

Summary Apache Tomcat is used by the IBM Datapower Operations Dashboard in their HTTP web server implementation Vulnerability Details CVEID:CVE-2025-61795 DESCRIPTION: Improper Resource Shutdown or Release vulnerability in Apache Tomcat. If an error occurred including exceeding limits during the...

Security Bulletin: IBM Datapower Operations Dashboard could be vulnerable to an out-of-memory (OOM) issue CVE-2025-2240

Summary Smallrye is used by the IBM Datapower Operations Dashboard for repository hosting including build, CI, and release publishing setup Vulnerability Details CVEID:CVE-2025-2240 DESCRIPTION: A flaw was found in Smallrye, where smallrye-fault-tolerance is vulnerable to an out-of-memory OOM...

Security Bulletin: IBM Datapower Operations Dashboard could allow a potential data leak CVE-2025-49574

Summary vert.x is used in KeyCloak which is used by the IBM Datapower Operations Dashboard for authentication and authorization Vulnerability Details CVEID:CVE-2025-49574 DESCRIPTION: Quarkus is a Cloud Native, Linux Container First framework for writing Java applications. In versions prior to...

Security Bulletin: IBM Datapower Operations Dashboard could potentially cause SSRF and credential leakage CVE-2025-27152

Summary Axios is used by the IBM Datapower Operations Dashboard for HTTP requests to communicate with servers or APIs Vulnerability Details CVEID:CVE-2025-27152 DESCRIPTION: axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than...

Security Bulletin: IBM Datapower Operations Dashboard could cause a native crash CVE-2025-24970

Summary Netty is used by the IBM Datapower Operations Dashboard for it's network application framework implementation Vulnerability Details CVEID:CVE-2025-24970 DESCRIPTION: Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final an...

Security Bulletin: IBM Datapower Operations Dashboard could cause a denial of service CWE-1321

Summary Axios is used by the IBM Datapower Operations Dashboard for HTTP requests to communicate with servers or APIs Vulnerability Details IBM X-Force ID: 294242 DESCRIPTION: Node.js Axios module is vulnerable to a denial of service, caused by a prototype pollution in the formDataToJSON function...

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to a denial of service CVE-2024-38477

Summary Apache HTTP Server is used by the IBM Datapower Operations Dashboard implementation of network operations Vulnerability Details CVEID:CVE-2024-38477 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in modproxy. By sending a...

Security Bulletin: IBM Datapower Operations Dashboard could allow a remote attacker to bypass security restrictions CVE-2024-38473

Summary Apache HTTP Server is used by the IBM Datapower Operations Dashboard implementation of network operations Vulnerability Details CVEID:CVE-2024-38473 DESCRIPTION: Apache HTTP Server could allow a remote attacker to bypass security restrictions, caused by an encoding flaw in modproxy. By...

Security Bulletin: IBM Datapower Operations Dashboard could allow a remote attacker to obtain sensitive information CVE-2024-38476

Summary Apache HTTP Server is used by the IBM Datapower Operations Dashboard implementation of network operations Vulnerability Details CVEID:CVE-2024-38476 DESCRIPTION: Apache HTTP Server allow a remote attacker to obtain sensitive information, caused by improper input validation by the backend...

Security Bulletin: IBM Datapower Operations Dashboard could allow remote attacker to execute arbitrary commands on the system CVE-2017-16100

Summary dns-sync is used by the IBM Datapower Operations Dashboard implementation of networking operations Vulnerability Details CVEID:CVE-2017-16100 DESCRIPTION: Node.js dns-sync module could allow a remote attacker to execute arbitrary commands on the system, caused by the improper validation o...

Security Bulletin: IBM Datapower Operations Dashboard could allow a denial of service condition CVE-2024-29025

Summary Netty is used by the IBM Datapower Operations Dashboard server implementation. Vulnerability Details CVEID:CVE-2024-29025 DESCRIPTION: Netty is vulnerable to a denial of service, caused by a flaw when using the HttpPostRequestDecoder to decode a form. By sending a specially crafted reques...

Security Bulletin: IBM Datapower Operations Dashboard could allow HTTP request smuggling CVE-2023-46589

Summary Apache Tomcat is used by the IBM Datapower Operations Dashboard in its server implementation. Vulnerability Details CVEID:CVE-2023-46589 DESCRIPTION: Apache Tomcat is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP trailer headers. By sending a specially craft...

Security Bulletin: IBM Datapower Operations Dashboard could be vulnerable to a denial of service CVE-2023-51074

Summary json-path is used by the IBM Datapower Operations Dashboard to query JSON documents. Vulnerability Details CVEID:CVE-2023-51074 DESCRIPTION: json-path is vulnerable to a denial of service, caused by a stack-based buffer overflow in the Criteria.parse method. By sending a specially crafted...

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to execute arbitrary code on the system CVE-2023-46308

Summary plotly.js is used by the IBM Datapower Operations Dashboard in their web console. Vulnerability Details CVEID:CVE-2023-46308 DESCRIPTION: Plotly plotly.js could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in the plot API calls. By...

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to a denial of service CVE-2023-43642

Summary snappy-java is used by the IBM Datapower Operations Dashboard as a compressor/decompressor for Java Vulnerability Details CVEID:CVE-2023-43642 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by missing upper bound check on chunk length. By sending a specially crafted...

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to a denial of service CVE-2023-33202

Summary Bouncy Castle for Java is used by the IBM Datapower Operations Dashboard to perform cryptographic operations. Vulnerability Details CVEID:CVE-2023-33202 DESCRIPTION: Bouncy Castle for Java is vulnerable to a denial of service, caused by a flaw in the org.bouncycastle.openssl.PEMParser...