2 matches found
Security Bulletin: Padding Oracle Protection in IBM DataPower Gateways GatewayScript modules (CVE-2015-7412)
Summary IBM DataPower Gateways has addressed a Padding Oracle Protection vulnerability in GatewayScript decryption. Vulnerability Details CVEID: CVE-2015-7412 DESCRIPTION: IBM DataPower Gateways GatewayScript modules may be vulnerable to Padding Oracle attacks in some scenarios, which could allow...
CVE-2015-7412
CVE-2015-7412 affects IBM DataPower Gateways GatewayScript modules (7.2.0.x) where decryption API or JWE decrypt action omits requiring signed ciphertext data. The underlying issue is padding-oracle vulnerability that could allow an attacker to decrypt ciphertext and obtain plaintext if configure...