6 matches found
Security Bulletin: IBM DataPower Gateway affected by multiple vulnerabilities in Java
Summary While core IBM DataPower Gateway does not use Java, certain components shipped with IDG may be vulnerable. IBM has addressed the CVEs. Vulnerability Details CVEID:CVE-2022-21434 DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could allow an...
CVE-2020-4994
IBM DataPower Gateway 10.0.1.0 through 10.0.1.4 and 2018.4.1.0 through 2018.4.1.17 could allow a remote user to cause a temporary denial of service by sending invalid HTTP requests. IBM X-Force ID: 192906...
Code injection
IBM DataPower Gateway 10.0.2.0, 10.0.3.0, 10.0.1.0 through 10.0.1.4, and 2018.4.1.0 through 2018.4.1.17 could allow a remote user to cause a denial of service by consuming resources with multiple requests. IBM X-Force ID: 208348...
CVE-2020-4994
IBM DataPower Gateway 10.0.1.0 through 10.0.1.4 and 2018.4.1.0 through 2018.4.1.17 could allow a remote user to cause a temporary denial of service by sending invalid HTTP requests. IBM X-Force ID: 192906...
Security Bulletin: IBM API Connect is impacted by a denial of service (DoS) vulnerability in OpenSSL (CVE-2020-1971)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-1971 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference. If the GENERALNAMEcmp function contain an EDIPARTYNAME, an attacker could exploit this...
IBM API Connect Information Disclosure Vulnerability (CNVD-2020-36386)
IBM API Connect APIConnect is a suite of integrated solutions for managing the API lifecycle from IBM USA. The product supports creating, running, managing, and securing APIs, microservices, and more. A security vulnerability exists in IBM API Connect versions 2018.4.1.0 through 2018.4.1.11, whic...