2 matches found
Security Bulletin: Certificates not removed from DataPower ValCred when updating corresponding APIc truststore (CVE-2020-4205)
Summary When a certificate is removed from an APIc TrustStore, the correspsonding DataPower ValCred may not be updated to match. Vulnerability Details CVEID: CVE-2020-4205 DESCRIPTION: IBM DataPower Gateway could allow an authenticated user to bypass security restrictions, and continue to access...
CVE-2020-4205
The CVE-2020-4205 entry concerns IBM DataPower Gateway version 2018.4.1.0–2018.4.1.8 where an authenticated user could bypass security restrictions and continue to access the server after authentication certificates have been revoked. This is documented across IBM Security Bulletins and the IBM X...