34 matches found
Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to a denial of service CVE-2025-13466
Summary body-parser is used by the IBM Datapower Operations Dashboard as part of their network implementation Vulnerability Details CVEID:CVE-2025-13466 DESCRIPTION: body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies with very large numbers of...
Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to Authentication Bypass by Alternate Name CVE-2025-14777
Summary keycloak is used by the IBM Datapower Operations Dashboard as part of their IAM and SSO implementation Vulnerability Details CVEID:CVE-2025-14777 DESCRIPTION: A flaw was found in Keycloak. An IDOR Broken Access Control vulnerability exists in the admin API endpoints for authorization...
Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to Time-of-check Time-of-use Race Condition CVE-2026-1035
Summary keycloak is used by the IBM Datapower Operations Dashboard as part of their IAM and SSO implementation Vulnerability Details CVEID:CVE-2025-14559 DESCRIPTION: A flaw was found in the keycloak-services component of Keycloak. This vulnerability allows the issuance of access and refresh toke...
Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to Server-side Request Forgery CVE-2026-1180
Summary keycloak is used by the IBM Datapower Operations Dashboard as part of their IAM and SSO implementation Vulnerability Details CVEID:CVE-2026-1180 DESCRIPTION: A flaw was identified in Keycloak’s OpenID Connect Dynamic Client Registration feature when clients authenticate using privatekeyjw...
Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to Directory Traversal CVE-2026-23745
Summary node-tar is used by the IBM Datapower Operations Dashboard as part of their server implementation Vulnerability Details CVEID:CVE-2026-23745 DESCRIPTION: node-tar is a Tar for Node.js. The node-tar library = 7.5.2 fails to sanitize the linkpath of Link hardlink and SymbolicLink entries wh...
Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to Improper Authorization CVE-2026-2733
Summary keycloak is used by the IBM Datapower Operations Dashboard as part of their IAM and SSO implementation Vulnerability Details CVEID:CVE-2026-2733 DESCRIPTION: A flaw was identified in the Docker v2 authentication endpoint of Keycloak, where tokens continue to be issued even after a Docker...
Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to a denial of service CVE-2025-12183
Summary LZ4 is used by the IBM Datapower Operations Dashboard for their compression and xxHash hashing algorithm Vulnerability Details CVEID:CVE-2025-12183 DESCRIPTION: Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read...
Security Bulletin: IBM Datapower Operations Dashboard could allow HTTP Parameter Pollution CVE-2025-7783
Summary form-data is used by the IBM Datapower Operations Dashboard for their streaming implementation Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated with...
Security Bulletin: IBM Datapower Operations Dashboard could allocate unbounded memory and crash (DoS) CVE-2025-58754
Summary Axios is used by the IBM Datapower Operations Dashboard for their HTTP Client for node.js and the browser Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios starting in version 0.28.0 and prior to versions...
Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to a StackOverflowError CVE-2025-48924
Summary Apache Commons is used by the IBM Datapower Operations Dashboard in their Java components utility operations Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with...
Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to a denial of service CVE-2023-34109
Summary zxcvbn is used by the IBM Datapower Operations Dashboard to improve password security Vulnerability Details CVEID:CVE-2023-34109 DESCRIPTION: zxcvbn-ts is an open source password strength estimator written in typescript. This vulnerability affects users running on the nodeJS platform whic...
Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to improper resource shutdown or release CVE-2025-61795
Summary Apache Tomcat is used by the IBM Datapower Operations Dashboard in their HTTP web server implementation Vulnerability Details CVEID:CVE-2025-61795 DESCRIPTION: Improper Resource Shutdown or Release vulnerability in Apache Tomcat. If an error occurred including exceeding limits during the...
Security Bulletin: IBM Datapower Operations Dashboard could be vulnerable to an out-of-memory (OOM) issue CVE-2025-2240
Summary Smallrye is used by the IBM Datapower Operations Dashboard for repository hosting including build, CI, and release publishing setup Vulnerability Details CVEID:CVE-2025-2240 DESCRIPTION: A flaw was found in Smallrye, where smallrye-fault-tolerance is vulnerable to an out-of-memory OOM...
Security Bulletin: IBM Datapower Operations Dashboard could allow a potential data leak CVE-2025-49574
Summary vert.x is used in KeyCloak which is used by the IBM Datapower Operations Dashboard for authentication and authorization Vulnerability Details CVEID:CVE-2025-49574 DESCRIPTION: Quarkus is a Cloud Native, Linux Container First framework for writing Java applications. In versions prior to...
Security Bulletin: IBM Datapower Operations Dashboard could potentially cause SSRF and credential leakage CVE-2025-27152
Summary Axios is used by the IBM Datapower Operations Dashboard for HTTP requests to communicate with servers or APIs Vulnerability Details CVEID:CVE-2025-27152 DESCRIPTION: axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than...
Security Bulletin: IBM Datapower Operations Dashboard could cause a native crash CVE-2025-24970
Summary Netty is used by the IBM Datapower Operations Dashboard for it's network application framework implementation Vulnerability Details CVEID:CVE-2025-24970 DESCRIPTION: Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final an...
Security Bulletin: IBM Datapower Operations Dashboard could cause a denial of service CWE-1321
Summary Axios is used by the IBM Datapower Operations Dashboard for HTTP requests to communicate with servers or APIs Vulnerability Details IBM X-Force ID: 294242 DESCRIPTION: Node.js Axios module is vulnerable to a denial of service, caused by a prototype pollution in the formDataToJSON function...
Security Bulletin: IBM Datapower Operations Dashboard could allow a remote attacker to obtain sensitive information CVE-2024-38476
Summary Apache HTTP Server is used by the IBM Datapower Operations Dashboard implementation of network operations Vulnerability Details CVEID:CVE-2024-38476 DESCRIPTION: Apache HTTP Server allow a remote attacker to obtain sensitive information, caused by improper input validation by the backend...
Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to a denial of service CVE-2024-38477
Summary Apache HTTP Server is used by the IBM Datapower Operations Dashboard implementation of network operations Vulnerability Details CVEID:CVE-2024-38477 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in modproxy. By sending a...
Security Bulletin: IBM Datapower Operations Dashboard could allow a remote attacker to bypass security restrictions CVE-2024-38473
Summary Apache HTTP Server is used by the IBM Datapower Operations Dashboard implementation of network operations Vulnerability Details CVEID:CVE-2024-38473 DESCRIPTION: Apache HTTP Server could allow a remote attacker to bypass security restrictions, caused by an encoding flaw in modproxy. By...