Lucene search
K

418 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2024/06/24 1:11 p.m.173 views

Security Bulletin: IBM DataPower Gateway is vulnerable to denial of service due to Golang Go

Summary IBM DataPower Gateway is vulnerable to denial of service due to use of Golang Go in DataPower Operator and Prometheus Metrics . CVE-2024-24783 Vulnerability Details CVEID:CVE-2024-24783 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw in the crypto/x509 packag...

5.9CVSS6.5AI score0.00667EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/14 4:59 p.m.43 views

Security Bulletin: IBM DataPower Gateway vulnerable to DOS in OpenSSL (CVE-2024-0727)

Summary IBM has addressed the CVE. Vulnerability Details CVEID:CVE-2024-0727 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by improper input validation. By persuading a victim to open a specially crafted PKCS12 file, a remote attacker could exploit this vulnerability to cause...

5.5CVSS5.8AI score0.03174EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/14 3:4 p.m.80 views

Security Bulletin: IBM DataPower Gateway vulnerable to "Terrapin" attack in OpenSSH (CVE-2023-48795)

Summary By manipulating sequence numbers during SSH connection setup, a MITM attacker can delete negotiation messages without causing a MAC failure. To mitigate this vulnerability, IBM has removed the chacha20-poly1305 cipher and all etm HMACs from the default set of algorithms offered,...

5.9CVSS6.4AI score0.9378EPSS
Exploits4Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/14 3:3 p.m.28 views

Security Bulletin: IBM DataPower Gateway Virtual Edition affected by bypass vulnerability in Open VM Tools

Summary Exploitation of this flaw requires root access to the ESXi host. IBM has addressed the vulnerability. Vulnerability Details CVEID:CVE-2023-20867 DESCRIPTION: VMware Tools could allow a local authenticated attacker to bypass security restrictions, caused by the failure to authenticate...

3.9CVSS4.7AI score0.13638EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/04 9:46 p.m.27 views

Security Bulletin: Multiple vulnerabilities in IBM DataPower Gateway

Summary While core IBM DataPower Gateway does not use Java, certain components shipped with IDG may be vulnerable. Vulnerability Details CVEID:CVE-2023-22081 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow a remote attacker to cause no confidentialit...

7.5CVSS7AI score0.014EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/01 11:40 a.m.46 views

Security Bulletin: IBM DataPower Gateway is vulnerable to Denial of Service due to use of Node.js

Summary NodeJS is used by IBM DataPower Gateway as part of the API-GWY management interface CVE-2024-22019 Vulnerability Details CVEID:CVE-2024-22019 DESCRIPTION: Node.js is vulnerable to a denial of service, caused by an error when reading unprocessed HTTP request with unbounded chunk extension...

7.5CVSS6.1AI score0.03168EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/01 11:38 a.m.26 views

Security Bulletin: IBM DataPower affected by vulnerability in Go (CVE-2023-39326)

Summary This CVE may affect DataPower Operator or SNMP Exporter for Prometheus Vulnerability Details CVEID:CVE-2023-39326 DESCRIPTION: Golang Go could allow a remote attacker to obtain sensitive information, caused by a flaw in the net/http package. By sending a specially crafted HTTP request, an...

5.3CVSS6.6AI score0.01208EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/07 3:45 p.m.64 views

Security Bulletin: IBM DataPower Gateway vulnerable to unauthorized access in Redis

Summary Redis is used in gateway peering, B2B and rate-limiting. IBM has updated Redis to address the vulnerability. Vulnerability Details CVEID:CVE-2023-45145 DESCRIPTION: Redis could allow a local authenticated attacker to bypass security restrictions, caused by a race condition when a permissi...

3.6CVSS3.8AI score0.00444EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/12 5:1 p.m.27 views

Security Bulletin: IBM DataPower Gateway vulnerable to directory traversal issue

Summary IBM has addressed the CVE Vulnerability Details CVEID:CVE-2023-46177 DESCRIPTION: IBM MQ Appliance 9.3 LTS and 9.3 CD could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request to view arbitrary files on the system. IBM...

7.5CVSS6.9AI score0.01338EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/13 8:4 p.m.39 views

Security Bulletin: IBM DataPower Gateway potentially vulnerable to a denial of service (CVE-2023-4807)

Summary IBM has addressed the CVE Vulnerability Details CVEID:CVE-2023-4807 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a state corruption flaw in the POLY1305 MAC message authentication code implementation, when running on newer X8664 processors supporting the AVX512-IFM...

7.8CVSS7.8AI score0.00862EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/26 5:35 p.m.97 views

Security Bulletin: IBM DataPower Gateway vulnerable to HTTP/2 "Rapid Reset" Denial of Service (CVE-2023-44487, CVE-2023-39325)

Summary IBM has addressed both CVEs. Vulnerability Details CVEID: CVE-2023-39325 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw in the net/http and x/net/http2 packages. By sending specially crafted requests using HTTP/2 client, a...

7.5CVSS7.8AI score0.99999EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/13 12:54 p.m.43 views

Security Bulletin: IBM DataPower Gateway vulnerable to multiple issues in Node.js

Summary IBM has addressed the following CVEs that could affect the API Gateway Director, and in version 10.5. only the New UI Vulnerability Details CVEID:CVE-2023-30588 DESCRIPTION: Node.js is vulnerable to a denial of service, caused by invalid public key information in x509 certificates. By...

7.5CVSS7.3AI score0.03906EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/07 2:23 p.m.32 views

Security Bulletin: Timing side-channel in IBM DataPower Gateway (CVE-2023-32342)

Summary A timing side-channel is present in IBM GSKit. This potentially affects the following IBM DataPower Gateway services: ISAM/TAM, MQ and JMS Vulnerability Details CVEID:CVE-2023-32342 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a...

7.5CVSS7.3AI score0.00925EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/06 4:41 p.m.56 views

Security Bulletin: IBM DataPower Gateway potentially vulnerable to Denial of Service (CVE-2023-2650)

Summary IBM has addressed the CVE Vulnerability Details CVEID:CVE-2023-2650 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw when using OBJobj2txt directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit. By sendin...

6.5CVSS6.9AI score0.73461EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/02 6:20 p.m.51 views

Security Bulletin: Potential security bypass in IBM DataPower Gateway (CVE_2023-23920)

Summary IBM has addressed the CVE Vulnerability Details CVEID:CVE-2023-23920 DESCRIPTION: Node.js could allow a remote authenticated attacker to bypass security restrictions, caused by improper access control. By sending a specially-crafted request using ICUDATA environment variable, an attacker...

4.2CVSS6AI score0.00471EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/02 3:23 p.m.47 views

Security Bulletin: IBM DataPower Gateway affected by multiple CVEs in OpenSSL

Summary IBM has addressed the CVEs Vulnerability Details CVEID:CVE-2022-4304 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for...

7.5CVSS7.4AI score0.59501EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/01 1:30 p.m.45 views

Security Bulletin: Potential denial of service in IBM DataPower Gateway (CVE-2022-25881)

Summary IBM has addressed the CVE Vulnerability Details CVEID:CVE-2022-25881 DESCRIPTION: Node.js http-cache-semantics module is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw. By sending a specially-crafted regex input using request header values, ...

7.5CVSS6.7AI score0.01613EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/07 1:44 p.m.26 views

Security Bulletin: IBM DataPower Gateway potentially vulnerable to Denial of Service (CVE-2022-4450)

Summary IBM has addressed the CVE Vulnerability Details CVEID:CVE-2022-4450 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a double-free error related to the improper handling of specific PEM data by the PEMreadbioex function. By sending specially crafted PEM files for...

7.5CVSS7.7AI score0.20444EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/06 9:35 a.m.44 views

Security Bulletin: IBM MQ Appliance is vulnerable to cross-site request forgery (CVE-2022-31773)

Summary IBM MQ Appliance has resolved a cross-site request forgery vulnerability. Vulnerability Details CVEID:CVE-2022-31773 DESCRIPTION: IBM DataPower Gateway V10CD, 10.0.1, and 2018.4.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthoriz...

8.8CVSS8.6AI score0.00359EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/04 4:12 p.m.72 views

Security Bulletin: IBM DataPower Gateway affected by vulnerability in Java (CVE-2022-21626)

Summary IBM has addressed the CVE, which potentially affects JDBC, IMS Callout and JMS components Vulnerability Details CVEID:CVE-2022-21626 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to cause a denial of service...

5.3CVSS5.5AI score0.01746EPSS
Exploits0Affected Software4
Rows per page
Query Builder