54 matches found

Prion
added 2018/12/20 2:29 p.m. | 15 views

Cross site request forgery (csrf)

IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 144887...

6.8 CVSS | 8.2 AI score | 0.00924 EPSS
Exploits 0 | References 3 | Affected Software 1

OSV
added 2018/12/20 2:29 p.m. | 7 views

CVE-2018-1677

IBM DataPower Gateways 7.1, 7.2, 7.5, 7.5.1, 7.5.2, 7.6, and 7.7 and IBM MQ Appliance are vulnerable to a denial of service, caused by the improper handling of full file system. A local attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 145171...

5.5 CVSS | 5.8 AI score | 0.00364 EPSS
Exploits 0 | References 3

CVE
added 2018/12/20 2:0 p.m. | 57 views

CVE-2018-1661

CVE-2018-1661 affects IBM DataPower Gateways (7.5, 7.5.1, 7.5.2, and 7.6). The issue is a cross-site request forgery (CSRF) vulnerability allowing an attacker to perform actions transmitted from a trusted user. IBM has issued a security bulletin for DataPower Gateway and IBM MQ Appliance with rem...

8.8 CVSS | 8.4 AI score | 0.00924 EPSS
Exploits 0 | References 3 | Affected Software 1

CNVD
added 2018/12/14 12:0 a.m. | 4 views

IBM DataPower Gateways Weak Encryption Algorithm Vulnerability

IBM DataPower Gateways is a suite of security and integration platforms from IBM USA designed specifically for mobile, cloud, application programming interfaces (APIs), web, service-oriented architecture (SOA), B2B, and cloud workloads that protects, integrates, and optimizes access across channels...

7.5 CVSS | 6.6 AI score | 0.00966 EPSS
Exploits 0 | References 1

Prion
added 2018/12/07 4:29 p.m. | 16 views

Information disclosure

IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, 7.6, and 2018.4 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle...

4.3 CVSS | 5.3 AI score | 0.02281 EPSS
Exploits 0 | References 3 | Affected Software 1

OSV
added 2018/12/07 4:29 p.m. | 2 views

CVE-2018-1663

IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, 7.6, and 2018.4 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle...

5.9 CVSS | 5.8 AI score | 0.02281 EPSS
Exploits 0 | References 3

NVD
added 2018/12/07 4:29 p.m. | 15 views

CVE-2018-1663

IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, 7.6, and 2018.4 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle...

5.9 CVSS | 5.4 AI score | 0.02281 EPSS
Exploits 0 | References 3

CVE
added 2018/12/07 4:0 p.m. | 45 views

CVE-2018-1663

CVE-2018-1663 affects IBM DataPower Gateways (versions 7.5.x, 7.6, and 2018.4). Root cause: failure to properly enable HTTP Strict Transport Security, enabling potential information disclosure via man-in-the-middle. Impact: remote attacker could obtain sensitive information. Remediation / fixes c...

5.9 CVSS | 5.4 AI score | 0.02281 EPSS
Exploits 0 | References 3 | Affected Software 1

IBM Security Bulletins
added 2018/12/07 2:25 p.m. | 21 views

Security Bulletin: IBM DataPower Gateways is affected by a Denial of Service vulnerability (CVE-2018-1652)

Summary IBM DataPower Gateways has addressed the following vulnerability: CVE-2018-1652 Vulnerability Details CVEID: CVE-2018-1652 DESCRIPTION: IBM DataPower Gateways and IBM MQ Appliance could allow a local user to cause a denial of service through unknown vectors. CVSS Base Score: 6.2 CVSS...

6.2 CVSS | 1.5 AI score | 0.00372 EPSS
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2018/06/15 7:9 a.m. | 54 views

Security Bulletin: Security vulnerability in OpenSSL (CVE-2017-3736)

Summary A potential vulnerability has been reported by the OpenSSL project. IBM DataPower Gateways has addressed the applicable CVE. Vulnerability Details Relevant CVE Information: CVEID: CVE-2017-3736 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a...

6.5 CVSS | 6.8 AI score | 0.10133 EPSS
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2018/06/15 7:9 a.m. | 26 views

Security Bulletin: Vulnerability in OpenSSH affects IBM DataPower Gateways (CVE-2017-15906)

Summary A potential Denial of Service vulnerability exists in OpenSSH. IBM DataPower Gateways has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2017-15906 DESCRIPTION: OpenSSH is vulnerable to a denial of service, caused by an error in the process_open function when in read-only...

5.3 CVSS | 6.5 AI score | 0.03359 EPSS
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2018/06/15 7:8 a.m. | 51 views

Security Bulletin: Vulnerability in OpenSSL affects IBM DataPower Gateways (CVE-2017-3735)

Summary A potential vulnerability has been reported by the OpenSSL project. IBM DataPower Gateways has addressed the applicable CVE. Vulnerability Details Relevant CVE Information: CVEID: CVE-2017-3735 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a...

5.3 CVSS | 6.5 AI score | 0.17699 EPSS
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2018/06/15 7:8 a.m. | 25 views

Security Bulletin: Vulnerability in system log on IBM DataPower Gateways WebGUI (CVE-2017-1591)

Summary A potential cross-site scripting vulnerability exists in the DataPower system log. IBM has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2017-1591 DESCRIPTION: IBM WebSphere DataPower Appliances is vulnerable to cross-site scripting. This vulnerability allows users to emb...

6.1 CVSS | 1.6 AI score | 0.00961 EPSS
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2018/06/15 7:8 a.m. | 47 views

Security Bulletin: Vulnerability in XDR affects IBM DataPower Gateways (CVE-2017-8804)

Summary A potential Denial of Service vulnerability exists in XDR. IBM DataPower Gateways has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2017-8804 DESCRIPTION: glibc is vulnerable to a denial of service, caused by improper handling of buffer deserialization in the xdr_bytes and...

7.8 CVSS | 2.3 AI score | 0.0767 EPSS
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2018/06/15 7:8 a.m. | 28 views

Security Bulletin: Vulnerability in Node.js affects IBM DataPower Gateways (CVE-2017-11499)

Summary Potential Denial of Service in Node.js. IBM DataPower Gateways has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2017-11499 DESCRIPTION: Node.js is vulnerable to a denial of service, caused by a flaw related to constant HashTable seeds. A remote attacker could exploit thi...

7.5 CVSS | 2.1 AI score | 0.05478 EPSS
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2018/06/15 7:7 a.m. | 87 views

Security Bulletin: A vulnerability in OpenSSL affects IBM DataPower Gateways (CVE-2016-2183)

Summary A vulnerability in the SSL/TLS protocol affects the ISAM Access Manager client and JMS. IBM DataPower Gateways has fully addressed the applicable CVE in version 7.5.2, and in earlier releases it was addressed with a combination of a code fix and a workaround. Vulnerability Details CVEID:...

7.5 CVSS | 0.9 AI score | 0.95707 EPSS
Exploits 7 | Affected Software 1

IBM Security Bulletins
added 2018/06/15 7:6 a.m. | 36 views

Security Bulletin: A vulnerability in SSH affects IBM DataPower Gateways (CVE-2016-8858)

Summary An SSH vulnerability was disclosed by the OpenSSH Project. IBM DataPower Gateways has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2016-8858 DESCRIPTION: OpenSSH is vulnerable to a denial of service, caused by an error in the kex_input_kexinit function. By sending speciall...

7.8 CVSS | 7.3 AI score | 0.29462 EPSS
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2018/06/15 7:6 a.m. | 48 views

Security Bulletin: Vulnerabilities in SSL affect IBM DataPower Gateways

Summary SSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. IBM DataPower Gateways has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-6304 DESCRIPTION: OpenSSL is vulnerable to a denial of service. By repeatedly requesting renegotiation, a...

9.8 CVSS | 7.2 AI score | 0.95707 EPSS
Exploits 8 | Affected Software 1

IBM Security Bulletins
added 2018/06/15 7:6 a.m. | 33 views

Security Bulletin: A busybox vulnerability affects IBM DataPower Gateways (CVE-2014-4607)

Summary A buffer overflow vulnerability affects IBM DataPower Gateways. IBM DataPower Gateways has addressed the applicable CVE Vulnerability Details CVEID: CVE-2014-4607 DESCRIPTION: Oberhumer LZO could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflo...

8.8 CVSS | 7.5 AI score | 0.05315 EPSS
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2018/06/15 7:6 a.m. | 33 views

Security Bulletin: Vulnerabilities in node.js processing affect IBM DataPower Gateways

Summary IBM DataPower Gateways has addressed vulnerabilities in Node.js V8 processing that could cause a denial of service or remote code execution. Vulnerability Details CVEID: CVE-2016-1669 DESCRIPTION: Node.js V8 processing is vulnerable to a buffer overflow, caused by an error in V8. By...

9.3 CVSS | 8 AI score | 0.04227 EPSS
Exploits 0 | Affected Software 1