Lucene search
K

419 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2021/06/08 9:47 p.m.27 views

Security Bulletin: IBM DataPower Gateway enables default IPMI account

Summary If IPMI over LAN Is enabled, a default administrator account is also enabled. Vulnerability Details CVEID: CVE-2019-4621 DESCRIPTION: IBM DataPower Appliance and IBM MQ Appliance have a default administrator account that is enabled if the IPMI LAN channel is enabled. A remote attacker cou...

9.8CVSS2.8AI score0.01635EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/08 9:47 p.m.54 views

Security Bulletin: Multiple vulnerabilities may affect JRE in IBM DataPower Gateway

Summary IBM has addressed the relevant CVEs Vulnerability Details CVEID: CVE-2020-14779 DESCRIPTION: An unspecified vulnerability in Java SE related to the Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using...

9.8CVSS2AI score0.03713EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/08 9:47 p.m.35 views

Security Bulletin: IBM DataPower Gateway is affected by a vulnerability in Node.js (CVE-2018-12123)

Summary IBM DataPower Gateway has addressed the following vulnerability: CVE-2018-12123 Vulnerability Details CVEID: CVE-2018-12123 DESCRIPTION: Node.js is vulnerable to HTTP request splitting attacks, caused by improper input validation by the path option of an HTTP request. A remote attacker...

4.3CVSS1AI score0.0405EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/08 9:47 p.m.35 views

Security Bulletin: IBM DataPower Gateway is affected by vulnerabilities in OpenSSL

Summary IBM DataPower Gateway has addressed the following vulnerabilities: CVE-2018-0734 CVE-2018-5407 Vulnerability Details CVEID: CVE-2018-0734 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a timing side channel attack in the DSA signature...

5.9CVSS5.9AI score0.12154EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/08 9:47 p.m.106 views

Security Bulletin: IBM DataPower Gateway is affected by Denial of Service vulnerabilities

Summary IBM DataPower Gateway has addressed the following vulnerabilities: CVE-2019-9513 CVE-2019-9511 Vulnerability Details CVEID: CVE-2019-9513 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a Resource Loop attack. By creating multiple request streams and...

7.8CVSS1AI score0.82017EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/08 9:47 p.m.31 views

Security Bulletin: IBM DataPower Gateway Java security update

Summary IBM has addressed the following JRE CVEs: CVE-2020-14621, CVE-2020-14579, CVE-2020-14578, CVE-2020-14577, CVE-2020-2757, CVE-2020-2756, CVE-2020-2755, CVE-2020-2754 Vulnerability Details CVEID: CVE-2020-14621 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP compone...

5.3CVSS6.3AI score0.0435EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/08 9:47 p.m.47 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM DataPower Gateway

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by IBM DataPower Gateway. IBM DataPower Gateway has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-2989 DESCRIPTION: An unspecified vulnerability in Java SE could allow an...

6.8CVSS5.9AI score0.03749EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/08 9:47 p.m.42 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM DataPower Gateway

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by IBM DataPower Gateway. IBM DataPower Gateway has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-2816 DESCRIPTION: An unspecified vulnerability related to the Java SE Networking...

5.8CVSS6.2AI score0.04351EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/08 9:47 p.m.61 views

Security Bulletin: IBM DataPower Gateway is affected by Denial of Service vulnerabilities

Summary IBM DataPower Gateway has addressed the following vulnerabilities: CVE-2019-11479 CVE-2019-11478 CVE-2019-11477 Vulnerability Details CVEID: CVE-2019-11479 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a flaw when processing minimum segment size MSS. By sending...

7.8CVSS1.1AI score0.98745EPSS
Exploits4Affected Software1
CNVD
CNVD
added 2021/06/08 12:0 a.m.8 views

IBM DataPower Gateway Information Disclosure Vulnerability (CNVD-2021-40051)

IBM DataPower Gateway is a suite of security and integration platforms from IBM USA designed specifically for mobile, cloud, application programming interfaces APIs, web, service-oriented architecture SOA, B2B and cloud workloads. The platform protects, integrates and optimizes access across...

5.3CVSS5.9AI score0.00868EPSS
Exploits0References1
OSV
OSV
added 2021/06/07 2:15 p.m.5 views

CVE-2020-5008

IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.14 stores sensitive information in GET request parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID:...

5.3CVSS5.8AI score0.00868EPSS
Exploits0References2
NVD
NVD
added 2021/06/07 2:15 p.m.26 views

CVE-2020-5008

IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.14 stores sensitive information in GET request parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID:...

5.3CVSS0.00868EPSS
Exploits0References2
Prion
Prion
added 2021/06/07 2:15 p.m.18 views

Information disclosure

IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.14 stores sensitive information in GET request parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID:...

5CVSS4.9AI score0.00868EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/06/07 2:5 p.m.23 views

CVE-2020-5008

IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.14 stores sensitive information in GET request parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID:...

3.7CVSS4.9AI score0.00868EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/06/04 12:0 a.m.5 views

IBM DataPower Gateway 安全漏洞

IBM DataPower Gateway is a suite of security and integration platforms from IBM USA designed specifically for mobile, cloud, application programming interfaces APIs, web, service-oriented architecture SOA, B2B and cloud workloads. The platform protects, integrates and optimizes access across...

5.3CVSS5.6AI score0.00868EPSS
Exploits0References6
CNVD
CNVD
added 2021/03/15 12:0 a.m.5 views

IBM DataPower Gateway Weak Encryption Algorithm Vulnerability

IBM DataPower Gateway is a security and integration platform built specifically for mobile, cloud, API, web, SOA, B2B and cloud workloads. A weak cryptographic algorithm vulnerability exists in IBM DataPower Gateway 10.0.0.0 - 10.0.1.0. An attacker could exploit the vulnerability to decrypt highl...

7.5CVSS6.4AI score0.00773EPSS
Exploits0References1
NVD
NVD
added 2021/03/12 5:15 p.m.18 views

CVE-2020-4831

IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 189965...

7.5CVSS0.00773EPSS
Exploits0References2
Prion
Prion
added 2021/03/12 5:15 p.m.24 views

Code injection

IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 189965...

5CVSS7.2AI score0.00773EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/03/12 4:40 p.m.50 views

CVE-2020-4831

CVE-2020-4831 affects IBM DataPower Gateway 10.0.0.0–10.0.1.0, where weaker than expected cryptographic algorithms could allow an attacker to decrypt highly sensitive information. Connected IBM advisories confirm the vulnerability in DataPower Gateway and provide remediation: upgrade to IBM DataP...

7.5CVSS7.2AI score0.00773EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/03/12 4:40 p.m.22 views

CVE-2020-4831

IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 189965...

5.9CVSS7.2AI score0.00773EPSS
Exploits0References2
Rows per page
Query Builder