Lucene search
K

342 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:4 a.m.27 views

Security Bulletin: A vulnerability in net-snmp affects IBM DataPower Gateways (CVE-2015-5621)

Summary IBM DataPower gateways has addressed a vulnerability in SNMP parsing routines that could cause the SNMP daemon to crash or execute arbitrary code. Vulnerability Details CVEID: CVE-2015-5621 DESCRIPTION: Net-SNMP is vulnerable to a denial of service, caused by incompletely parsed varBind...

7.5CVSS2.6AI score0.40002EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:4 a.m.22 views

Security Bulletin: A vulnerability in the GSKit component of IBM DataPower Gateways (CVE-2016-0201)

Summary IBM DataPower Gateways uses GSKit in certain modules - namely MQ, ISAM/TAM, JMS. A vulnerability has been addressed in the GSKit component of IBM DataPower Gateways. Vulnerability Details CVEID: CVE-2016-0201 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive...

5.9CVSS0.9AI score0.02032EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:4 a.m.38 views

Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM DataPower Gateways (CVE-2015-7575)

Summary The MD5 “SLOTH” vulnerability on TLS 1.2 affects IBM DataPower Gateways. Vulnerability Details CVEID: CVE-2015-7575 DESCRIPTION: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message...

5.9CVSS1.6AI score0.0288EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:3 a.m.40 views

Security Bulletin: Vulnerabilities in SSL affect IBM DataPower Gateways (CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1792)

Summary SSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. IBM DataPower Gateways has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2015-1788 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters...

7.5CVSS1.4AI score0.74483EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:3 a.m.40 views

Security Bulletin: Vulnerabilities in unzip affect IBM DataPower Gateways (CVE-2014-8141)

Summary IBM DataPower Gateways has addressed a vulnerability in 'unzip utility' that it uses to list, test, or extract files from a zip archive. Vulnerability Details CVEID: CVE-2014-8141 DESCRIPTION: Info-ZIP UnZip is vulnerable to a buffer overflow, caused by improper bounds checking by the...

7.8CVSS1.2AI score0.11562EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:3 a.m.38 views

Security Bulletin: Padding Oracle Protection in IBM DataPower Gateways GatewayScript modules (CVE-2015-7412)

Summary IBM DataPower Gateways has addressed a Padding Oracle Protection vulnerability in GatewayScript decryption. Vulnerability Details CVEID: CVE-2015-7412 DESCRIPTION: IBM DataPower Gateways GatewayScript modules may be vulnerable to Padding Oracle attacks in some scenarios, which could allow...

2.6CVSS0.9AI score0.01014EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:2 a.m.40 views

Security Bulletin: GNU C library (glibc) vulnerability affect IBM DataPower Gateway appliances (CVE-2014-6040)

Summary GNU C library glibc vulnerability in iconv function affects IBM DataPower Gateway appliances. Vulnerability Details CVEID: CVE-2014-6040 DESCRIPTION: The GNU C Library glibc is vulnerable to a denial of service, caused by the improper validation of input by the iconv function when...

5CVSS7.7AI score0.06564EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:2 a.m.48 views

Security Bulletin: GNU C library (glibc) vulnerability affects IBM DataPower Gateway appliances (CVE-2015-0235)

Summary GNU C library glibc vulnerability that has been referred to as GHOST affects IBM DataPower Gateway appliances. Vulnerability Details CVEID:CVE-2015-0235 DESCRIPTION: The gethostbyname functions of the GNU C Library glibc are vulnerable to a buffer overflow. By sending a specially crafted,...

10CVSS8AI score0.94859EPSS
Exploits29Affected Software1
CNVD
CNVD
added 2018/02/02 12:0 a.m.5 views

IBM DataPower Gateways Man-in-the-Middle Attack Vulnerability

IBM DataPower Gateways is a suite of security and integration platforms from IBM USA designed specifically for mobile, cloud, application programming interfaces APIs, web, service-oriented architecture SOA, B2B, and cloud workloads that protects, integrates, and optimizes access across channels...

4.3CVSS6.6AI score0.00325EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2017/02/06 12:0 a.m.115 views

IBM DataPower Gateway < 7.5.2.2 Default Admin Password Security Bypass

According to its self-reported version, the IBM DataPower Gateway running on the remote host is prior to 7.5.2.2. It is, therefore, affected by a security bypass vulnerability due to the default password still being accepted as valid if the administrator logs in before the startup configuration i...

5.7AI score
Exploits0References1
n0where
n0where
added 2016/06/15 7:53 p.m.16 views

Identify Web Application Firewall: WAFW00F

WAFW00F Fingerprints and Identify Web Application Firewall WAF products WAFW00F is a Python tool to help you fingerprint and identify Web Application Firewall WAF products. It is an active reconnaissance tool as it actually connects to the web server, but it starts out with a normal HTTP response...

0.1AI score
Exploits0References1
seebug.org
seebug.org
added 2015/11/16 12:0 a.m.18 views

IBM DataPower Gateways GatewayScript模块信息泄露漏洞

No description provided by source...

7.1AI score
Exploits0
NVD
NVD
added 2015/11/14 3:59 a.m.27 views

CVE-2015-7427

IBM DataPower Gateway appliances with firmware 6.x before 6.0.0.17, 6.0.1.x before 6.0.1.17, 7.x before 7.0.0.10, 7.1.0.x before 7.1.0.7, and 7.2.x before 7.2.0.1 do not set the secure flag for unspecified cookies in an https session, which makes it easier for remote attackers to capture these...

5CVSS6.5AI score0.01196EPSS
Exploits0References2
Prion
Prion
added 2015/11/14 3:59 a.m.16 views

Session fixation

IBM DataPower Gateway appliances with firmware 6.x before 6.0.0.17, 6.0.1.x before 6.0.1.17, 7.x before 7.0.0.10, 7.1.0.x before 7.1.0.7, and 7.2.x before 7.2.0.1 do not set the secure flag for unspecified cookies in an https session, which makes it easier for remote attackers to capture these...

5CVSS7AI score0.01196EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2015/11/14 2:0 a.m.27 views

CVE-2015-7427

IBM DataPower Gateway appliances with firmware 6.x before 6.0.0.17, 6.0.1.x before 6.0.1.17, 7.x before 7.0.0.10, 7.1.0.x before 7.1.0.7, and 7.2.x before 7.2.0.1 do not set the secure flag for unspecified cookies in an https session, which makes it easier for remote attackers to capture these...

6.5AI score0.01196EPSS
Exploits0References2
NVD
NVD
added 2015/11/08 10:59 p.m.23 views

CVE-2015-7412

The GatewayScript modules on IBM DataPower Gateways with software 7.2.0.x before 7.2.0.1, when the GatewayScript decryption API or a JWE decrypt action is enabled, do not require signed ciphertext data, which makes it easier for remote attackers to obtain plaintext data via a padding-oracle attac...

2.6CVSS6.3AI score0.01014EPSS
Exploits0References2
Prion
Prion
added 2015/11/08 10:59 p.m.20 views

Code injection

The GatewayScript modules on IBM DataPower Gateways with software 7.2.0.x before 7.2.0.1, when the GatewayScript decryption API or a JWE decrypt action is enabled, do not require signed ciphertext data, which makes it easier for remote attackers to obtain plaintext data via a padding-oracle attac...

2.6CVSS6.8AI score0.01014EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2015/11/08 10:0 p.m.36 views

CVE-2015-7412

The GatewayScript modules on IBM DataPower Gateways with software 7.2.0.x before 7.2.0.1, when the GatewayScript decryption API or a JWE decrypt action is enabled, do not require signed ciphertext data, which makes it easier for remote attackers to obtain plaintext data via a padding-oracle attac...

6.3AI score0.01014EPSS
Exploits0References2
Prion
Prion
added 2010/04/29 7:30 p.m.16 views

Design/Logic Flaw

The IBM WebSphere DataPower XML Accelerator XA35, Low Latency Appliance XM70, Integration Appliance XI50, B2B Appliance XB60, and XML Security Gateway XS40 SOA Appliances before 3.8.0.0, when a QLOGIC Ethernet interface is used, allow remote attackers to cause a denial of service interface outage...

5CVSS7.1AI score0.01747EPSS
Exploits0References8Affected Software5
securityvulns
securityvulns
added 2010/01/27 12:0 a.m.30 views

[IBM Datapower XS40] Denial of Service

It appears it is possible to disable the IBM DataPower XS40 Security Gateway device by sending a malformed packet to the network interface. The device will hang up itself without being able to recover from it no auto-reboot. Tested vulnerable firmware is 3.7.2.1 Issue fixed according to vendor in...

1.2AI score
Exploits0
Rows per page
Query Builder