Lucene search
+L

342 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2024/03/13 2:29 p.m.53 views

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to a denial of service CVE-2023-43642

Summary snappy-java is used by the IBM Datapower Operations Dashboard as a compressor/decompressor for Java Vulnerability Details CVEID:CVE-2023-43642 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by missing upper bound check on chunk length. By sending a specially crafted...

7.5CVSS7.3AI score0.0104EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/13 2:28 p.m.19 views

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to denial of service CVE-2023-3635

Summary Okio GzipSource is used by the IBM Datapower Operations Dashboard in its IO infrastructure. Vulnerability Details CVEID:CVE-2023-3635 DESCRIPTION: Okio GzipSource is vulnerable to a denial of service, caused by unhandled exception. By sending a specially crafted gzip buffer, a remote...

7.5CVSS6.4AI score0.01254EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/11 2:52 p.m.49 views

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to a machine-in-the-middle attack CVE-2023-48795

Summary OpenSSH is used by the IBM Datapower Operations Dashboard for general remote services. Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: OpenSSH is vulnerable to a machine-in-the-middle attack, caused by a flaw in the extension negotiation process in the SSH transport protocol when...

5.9CVSS6.4AI score0.93305EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/12 4:39 p.m.30 views

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to a denial of service [CVE-2023-34462]

Summary Netty is used by the IBM Datapower Operations Dashboard in its network protocol infrastructure. Vulnerability Details CVEID:CVE-2023-34462 DESCRIPTION: Netty is vulnerable to a denial of service, caused by a flaw with allocating up to 16MB of heap for each channel during the TLS handshake...

6.5CVSS6.9AI score0.02459EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/07 5:7 p.m.31 views

Security Bulletin: IBM Datapower Operations Dashboard to a denial of service caused by an unsafe deserialization flaw

Summary Apache Johnzon is used by the IBM Datapower Operations Dashboard in its JSON processing. Vulnerability Details CVEID:CVE-2023-33008 DESCRIPTION: Apache Johnzon is vulnerable to a denial of service, caused by an unsafe deserialization flaw in BigDecimal. By sending a specially crafted JSON...

5.3CVSS5.5AI score0.01454EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/07 3:45 p.m.66 views

Security Bulletin: IBM DataPower Gateway vulnerable to unauthorized access in Redis

Summary Redis is used in gateway peering, B2B and rate-limiting. IBM has updated Redis to address the vulnerability. Vulnerability Details CVEID:CVE-2023-45145 DESCRIPTION: Redis could allow a local authenticated attacker to bypass security restrictions, caused by a race condition when a permissi...

3.6CVSS3.8AI score0.00444EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/12 5:1 p.m.27 views

Security Bulletin: IBM DataPower Gateway vulnerable to directory traversal issue

Summary IBM has addressed the CVE Vulnerability Details CVEID:CVE-2023-46177 DESCRIPTION: IBM MQ Appliance 9.3 LTS and 9.3 CD could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request to view arbitrary files on the system. IBM...

7.5CVSS6.9AI score0.01338EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/13 8:4 p.m.41 views

Security Bulletin: IBM DataPower Gateway potentially vulnerable to a denial of service (CVE-2023-4807)

Summary IBM has addressed the CVE Vulnerability Details CVEID:CVE-2023-4807 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a state corruption flaw in the POLY1305 MAC message authentication code implementation, when running on newer X8664 processors supporting the AVX512-IFM...

7.8CVSS7.8AI score0.00862EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/26 5:35 p.m.97 views

Security Bulletin: IBM DataPower Gateway vulnerable to HTTP/2 "Rapid Reset" Denial of Service (CVE-2023-44487, CVE-2023-39325)

Summary IBM has addressed both CVEs. Vulnerability Details CVEID: CVE-2023-39325 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw in the net/http and x/net/http2 packages. By sending specially crafted requests using HTTP/2 client, a...

7.5CVSS7.8AI score0.99999EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/13 12:54 p.m.45 views

Security Bulletin: IBM DataPower Gateway vulnerable to multiple issues in Node.js

Summary IBM has addressed the following CVEs that could affect the API Gateway Director, and in version 10.5. only the New UI Vulnerability Details CVEID:CVE-2023-30588 DESCRIPTION: Node.js is vulnerable to a denial of service, caused by invalid public key information in x509 certificates. By...

7.5CVSS7.3AI score0.03906EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/07 2:23 p.m.32 views

Security Bulletin: Timing side-channel in IBM DataPower Gateway (CVE-2023-32342)

Summary A timing side-channel is present in IBM GSKit. This potentially affects the following IBM DataPower Gateway services: ISAM/TAM, MQ and JMS Vulnerability Details CVEID:CVE-2023-32342 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a...

7.5CVSS7.3AI score0.00925EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/07 2:2 p.m.52 views

Security Bulletin: IBM DataPower Gateway affected by multiple issues in JRE

Summary IBM has addressed the following CVEs, which potentially affect JDBC, IMS Callout and JMS components Vulnerability Details CVEID:CVE-2023-21930 DESCRIPTION: An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the JSSE component could allow an...

7.4CVSS6.1AI score0.02474EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/06 4:41 p.m.56 views

Security Bulletin: IBM DataPower Gateway potentially vulnerable to Denial of Service (CVE-2023-2650)

Summary IBM has addressed the CVE Vulnerability Details CVEID:CVE-2023-2650 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw when using OBJobj2txt directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit. By sendin...

6.5CVSS6.9AI score0.75116EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/07 1:44 p.m.27 views

Security Bulletin: IBM DataPower Gateway potentially vulnerable to Denial of Service (CVE-2022-4450)

Summary IBM has addressed the CVE Vulnerability Details CVEID:CVE-2022-4450 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a double-free error related to the improper handling of specific PEM data by the PEMreadbioex function. By sending specially crafted PEM files for...

7.5CVSS7.7AI score0.20444EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/06 9:35 a.m.46 views

Security Bulletin: IBM MQ Appliance is vulnerable to cross-site request forgery (CVE-2022-31773)

Summary IBM MQ Appliance has resolved a cross-site request forgery vulnerability. Vulnerability Details CVEID:CVE-2022-31773 DESCRIPTION: IBM DataPower Gateway V10CD, 10.0.1, and 2018.4.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthoriz...

8.8CVSS8.6AI score0.00359EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/16 9:16 p.m.43 views

Security Bulletin: IBM DataPower Gateway vulnerable to network state information leakage (CVE-2021-20322, CVE-2021-45485, CVE-2021-45486)

Summary IBM has addressed the CVEs Vulnerability Details CVEID:CVE-2021-45485 DESCRIPTION: Linux Kernel could allow a local attacker to obtain sensitive information, caused by improperly consider attacks from many IPv6 source addresses in net/ipv6/outputcore.c in the IPv6 implementation. By sendi...

7.5CVSS5.7AI score0.06846EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/16 6:59 p.m.60 views

Security Bulletin: IBM DataPower Gateway potentially affected by CPU side-channel (CVE-2022-21166)

Summary IBM has addressed the CVE Vulnerability Details CVEID:CVE-2022-21166 DESCRIPTION: Intel Processors could allow a local authenticated attacker to obtain sensitive information, caused by incomplete cleanup in specific special register write operations in the Memory Mapped I/O MMIO component...

5.5CVSS6.4AI score0.05899EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/16 6:57 p.m.184 views

Security Bulletin: UDP source port randomization flaw in IBM DataPower Gateway (CVE-2020-25705)

Summary IBM has addressed the CVE Vulnerability Details CVEID:CVE-2020-25705 DESCRIPTION: Linux Kernel could allow a remote attacker to bypass security restrictions, caused by a flaw in the way reply ICMP packets are limited. By sending a specially-crafted request, an attacker could exploit this...

7.4CVSS7.5AI score0.06692EPSS
Exploits1Affected Software1
OSV
OSV
added 2022/11/22 7:15 p.m.8 views

CVE-2022-40228

IBM DataPower Gateway 10.0.3.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.9, 2018.4.1.0 through 2018.4.1.22, and 10.5.0.0 through 10.5.0.2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 235527...

5.4CVSS5.8AI score0.00315EPSS
Exploits0References2
NVD
NVD
added 2022/11/22 7:15 p.m.28 views

CVE-2022-40228

IBM DataPower Gateway 10.0.3.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.9, 2018.4.1.0 through 2018.4.1.22, and 10.5.0.0 through 10.5.0.2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 235527...

5.4CVSS0.00315EPSS
Exploits0References2
Rows per page
Query Builder