Lucene search
+L

342 matches found

redhatcve
redhatcve
added 2025/05/22 11:27 p.m.15 views

CVE-2022-40228

IBM DataPower Gateway 10.0.3.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.9, 2018.4.1.0 through 2018.4.1.22, and 10.5.0.0 through 10.5.0.2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 235527...

5.4CVSS6.4AI score0.00315EPSS
Exploits0References1
ibm
ibm
added 2025/05/06 1:49 p.m.20 views

Security Bulletin: IBM DataPower Gateway vulnerable to DoS

Summary This issue may result in a memory leak. Vulnerability Details CVEID:CVE-2024-26935 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an error related to unremoved procfs host directory regression. A local authenticated attacker could exploit this vulnerability to...

5.5CVSS6.5AI score0.00242EPSS
Exploits0Affected Software1
ibm
ibm
added 2025/04/29 2:23 a.m.32 views

Security Bulletin: IBM DataPower Gateway does not force a Gateway Peering password change

Summary The DataPower UI does not notify customers of any gateway-peering instance that uses the system default password. The UI will now warn if the password is not changed. Vulnerability Details CVEID:CVE-2022-31776 DESCRIPTION: IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through...

8.8CVSS8.7AI score0.00462EPSS
Exploits0Affected Software1
ibm
ibm
added 2025/04/29 2:15 a.m.29 views

Security Bulletin: IBM DataPower Gateway may permit admin users to view and edit files that are not allowed to be read via RBM access rights (CVE-2022-22326)

Summary IBM has addressed the CVE Vulnerability Details CVEID:CVE-2022-22326 DESCRIPTION: IBM MQ Appliance could allow unauthorized viewing of logs and files due to insufficient authorisation checks. CVSS Base score: 4 CVSS Temporal Score: See:...

4CVSS3.6AI score0.00194EPSS
Exploits0Affected Software1
ibm
ibm
added 2025/04/03 7:21 p.m.21 views

Security Bulletin: IBM DataPower Gateway vulnerable to denial of service and remote code execution through use of Redis

Summary IBM DataPower Gateway uses Redis internally for gateway peering. Vulnerability Details CVEID:CVE-2024-46981 DESCRIPTION: Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and...

9.8CVSS7.5AI score0.07934EPSS
Exploits2Affected Software1
ibm
ibm
added 2025/04/02 8:11 p.m.9 views

Security Bulletin: IBM DataPower Gateway vulnerable to denial of service due to rustls

Summary Rustls is used in gateway peering Vulnerability Details CVEID:CVE-2024-11738 DESCRIPTION: A flaw was found in Rustls 0.23.13 and related APIs. This vulnerability allows denial of service panic via a fragmented TLS ClientHello message. CWE:CWE-248: Uncaught Exception CVSS Source:...

7.5CVSS6.6AI score0.00707EPSS
Exploits1Affected Software1
ibm
ibm
added 2025/04/02 8:10 p.m.21 views

Security Bulletin: IBM DataPower Gateway vulnerable to naming confusion (CVE-2024-12224)

Summary idna is used in the GitOps feature. Vulnerability Details CVEID:CVE-2024-12224 DESCRIPTION: idna 0.5.0 and earlier accepts Punycode labels that do not produce any non-ASCII output, which means that either ASCII labels or the empty root label can be masked such that they appear unequal...

8.8CVSS7AI score0.00201EPSS
Exploits1Affected Software1
ibm
ibm
added 2025/03/26 2:42 a.m.46 views

Security Bulletin: IBM DataPower Gateway does not invalidate active sessions on a password change (CVE-2022-40228)

Summary If a user password is changed, IBM DataPower Gateway does not immediately invalidate existing active sessions that were created with the old password. This means that a session created using a compromised password could continue to operate after the password has been changed until the...

5.4CVSS5.2AI score0.00315EPSS
Exploits0Affected Software4
ibm
ibm
added 2025/03/21 4:35 p.m.7 views

Security Bulletin: IBM DataPower Gateway vulnerable to Denial of Service (CVE-2024-53088)

Summary IBM DataPower Gateway uses the ethernet driver on hardware platforms. Vulnerability Details CVEID:CVE-2024-53088 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: i40e: fix race condition by adding filter's intermediate sync state Fix a race condition in the...

5.5CVSS7.2AI score0.00199EPSS
Exploits0Affected Software1
ibm
ibm
added 2025/02/04 8:57 p.m.16 views

Security Bulletin: IBM DataPower Gateway vulnerable to DoS (CVE-2024-25062)

Summary libxml2 is used in the DataPower Gateway's DB2 connector. Vulnerability Details CVEID:CVE-2024-25062 DESCRIPTION: An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing...

7.5CVSS7.7AI score0.01364EPSS
Exploits3Affected Software1
ibm
ibm
added 2025/01/28 10:8 p.m.47 views

Security Bulletin: IBM Datapower Operations Dashboard could allow an attacker to map URLs to filesystem locations that are unreachable by any URL CVE-2024-38475

Summary Apache HTTP Server is used by the IBM Datapower Operations Dashboard implementation of network implementation Vulnerability Details CVEID:CVE-2024-38475 DESCRIPTION: Improper escaping of output in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to...

9.1CVSS6.7AI score0.99957EPSS
Exploits1Affected Software1
ibm
ibm
added 2025/01/28 10:8 p.m.11 views

Security Bulletin: IBM DataPower Gateway vulnerable to DoS (CVE-2024-22365)

Summary This vulnerablility may affect database access, and DataPower Virtual Edition. Vulnerability Details CVEID:CVE-2024-22365 DESCRIPTION: Linux-pam is vulnerable to a denial of service, caused by a flaw in pamnamespace.so. By sending a specially crafted request, a local attacker could exploi...

5.5CVSS6.5AI score0.00459EPSS
Exploits1Affected Software1
ibm
ibm
added 2025/01/28 10:8 p.m.30 views

Security Bulletin: IBM DataPower Gateway vulnerable to Denial of Service (CVE-2024-45296)

Summary pillarjs Path-to-RegExp is used by IBM DataPower Gateway as part of the DataPower UI CVE-2024-45296 Vulnerability Details CVEID:CVE-2024-45296 DESCRIPTION: pillarjs Path-to-RegExp is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw. By sending...

7.5CVSS6.5AI score0.00932EPSS
Exploits1Affected Software1
ibm
ibm
added 2025/01/28 10:8 p.m.36 views

Security Bulletin: IBM Datapower Operations Dashboard could allow a remote attacker to bypass security restrictions CVE-2024-38473

Summary Apache HTTP Server is used by the IBM Datapower Operations Dashboard implementation of network operations Vulnerability Details CVEID:CVE-2024-38473 DESCRIPTION: Apache HTTP Server could allow a remote attacker to bypass security restrictions, caused by an encoding flaw in modproxy. By...

8.1CVSS6.7AI score0.25878EPSS
Exploits1Affected Software1
ibm
ibm
added 2025/01/28 10:8 p.m.17 views

Security Bulletin: IBM DataPower Gateway vulnerable to Denial of Service (CVE-2024-25016)

Summary This vulnerability affects the MQ Client component of IBM Datapower Gateway . Vulnerability Details CVEID:CVE-2024-25016 DESCRIPTION: IBM MQ and IBM MQ Appliance 9.0, 9.1, 9.2, 9.3 LTS and 9.3 CD could allow a remote unauthenticated attacker to cause a denial of service due to incorrect...

7.5CVSS6.6AI score0.00849EPSS
Exploits0Affected Software1
ibm
ibm
added 2025/01/28 10:8 p.m.33 views

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to server-side request forgery CVE-2024-39573

Summary Apache HTTP Server is used by the IBM Datapower Operations Dashboard implementation of network operations Vulnerability Details CVEID:CVE-2024-39573 DESCRIPTION: Apache HTTP Server is vulnerable to server-side request forgery, caused by a flaw in the modrewrite. By sending a specially...

7.5CVSS6.2AI score0.35447EPSS
Exploits0Affected Software1
ibm
ibm
added 2025/01/28 10:8 p.m.25 views

Security Bulletin: Due to use of Node.js IBM DataPower Gateway vulnerable to denial of service (CVE-2024-45590)

Summary Node.js is used by IBM DataPower Gateway as part of the user interface. Vulnerability Details CVEID:CVE-2024-45590 DESCRIPTION: expressjs body-parser is vulnerable to a denial of service, caused by a flaw when url encoding is enabled. By sending a specially crafted payload, a remote...

7.5CVSS6.5AI score0.00824EPSS
Exploits1Affected Software1
ibm
ibm
added 2025/01/28 10:8 p.m.32 views

Security Bulletin: IBM Datapower Operations Dashboard could allow a remote attacker to execute arbitrary code on the system CVE-2024-38474

Summary Apache HTTP Server is used by the IBM Datapower Operations Dashboard implementation of their networking implementation Vulnerability Details CVEID:CVE-2024-38474 DESCRIPTION: Apache HTTP Server could allow a remote attacker to execute arbitrary code on the system, caused by a substitution...

9.8CVSS7.5AI score0.02456EPSS
Exploits0Affected Software1
ibm
ibm
added 2025/01/28 10:8 p.m.30 views

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to a denial of service CVE-2024-38477

Summary Apache HTTP Server is used by the IBM Datapower Operations Dashboard implementation of network operations Vulnerability Details CVEID:CVE-2024-38477 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in modproxy. By sending a...

7.5CVSS6.6AI score0.03153EPSS
Exploits0Affected Software1
ibm
ibm
added 2025/01/28 10:8 p.m.44 views

Security Bulletin: IBM Datapower Operations Dashboard could allow a remote attacker to obtain sensitive information CVE-2024-38476

Summary Apache HTTP Server is used by the IBM Datapower Operations Dashboard implementation of network operations Vulnerability Details CVEID:CVE-2024-38476 DESCRIPTION: Apache HTTP Server allow a remote attacker to obtain sensitive information, caused by improper input validation by the backend...

9.8CVSS6.4AI score0.41611EPSS
Exploits0Affected Software1
Rows per page
Query Builder