Security Bulletin: IBM DataPower Gateway vulnerable to XSS

Summary IBM has addressed the following CVEs Vulnerability Details CVEID:CVE-2022-32750 DESCRIPTION: IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to cross-site scripting. This vulnerability allows users to...

Security Bulletin: IBM DataPower Gateway affected by multiple vulnerabilities in Java

Summary While core IBM DataPower Gateway does not use Java, certain components shipped with IDG may be vulnerable. IBM has addressed the CVEs. Vulnerability Details CVEID:CVE-2022-21434 DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could allow an...

Code injection

IBM DataPower Gateway 10.0.2.0, 10.0.3.0, 10.0.1.0 through 10.0.1.4, and 2018.4.1.0 through 2018.4.1.17 could allow a remote user to cause a denial of service by consuming resources with multiple requests. IBM X-Force ID: 208348...

CVE-2021-39070

IBM Security Verify Access 10.0.0.0, 10.0.1.0 and 10.0.2.0 with the advanced access control authentication service enabled could allow an attacker to authenticate as any user on the system. IBM X-Force ID: 215353...

IBM Security Verify Access 安全漏洞

IBM Security Verify Access ISAM is a service from IBM USA that improves user access security. IBM Security Verify Access versions 10.0.0.0, 10.0.1.0 and 10.0.2.0 have a security vulnerability that could be exploited by an attacker to authenticate as any user on the system authenticate as any user...