Lucene search
K
IbmDatapower Gateway

40 matches found

CVE
CVE
added 2022/03/10 7:50 p.m.103 views

CVE-2021-38910

CVE-2021-38910 affects IBM DataPower Gateway V10CD (10.0.2.x+), 10.0.1, and 2108.4.1. The root cause is improper input validation, enabling a remote attacker to bypass security restrictions by sending a crafted JSON message to modify structure and fields. Documented impact is bypass of security c...

5.3CVSS5.2AI score0.01076EPSS
CVE
CVE
added 2022/05/17 4:25 p.m.88 views

CVE-2021-38872

Summary: CVE-2021-38872 affects IBM DataPower Gateway. Affected versions include 10.0.2.0, 10.0.3.0, 10.0.1.0–10.0.1.4, and 2018.4.1.0–2018.4.1.17. The issue is a denial of service caused by a remote user consuming resources by sending multiple requests. The underlying root cause is improper hand...

7.5CVSS7.2AI score0.0139EPSS
CVE
CVE
added 2022/07/31 4:7 p.m.84 views

CVE-2022-31776

CVE-2022-31776 affects IBM DataPower Gateway: SSRF in 10.0.2.0–10.0.4.0, 10.0.1.0–10.0.1.8, 10.5.0.0, and 2018.4.1.0–2018.4.1.21. The IBM security bulletin states a vulnerability leading to potential unauthorized requests from the system, enabling network enumeration or related impacts. Remediati...

8.8CVSS8.2AI score0.00462EPSS
CVE
CVE
added 2022/07/31 4:5 p.m.78 views

CVE-2022-22326

CVE-2022-22326 affects IBM DataPower Gateway and IBM MQ Appliance with insufficient authorization checks allowing unauthorized viewing of logs and files. Affected products and versions include IBM DataPower Gateway 10.0.1.0–10.0.1.5, 10.0.2.0–10.0.4.0, and 2018.4.1.0–2018.4.1.18; remediation upgr...

4CVSS3.9AI score0.00194EPSS
CVE
CVE
added 2022/07/31 4:6 p.m.78 views

CVE-2022-31775

The CVE-2022-31775 issue affects IBM DataPower Gateway and is an XML External Entity Injection (XXE) in XML data processing caused by insufficient filtering of external entities. Affected products/versions include DataPower Gateway 10.0.2.0–10.0.4.0, 10.0.1.0–10.0.1.8, 10.5.0.0, and 2018.4.1.0–20...

9.1CVSS8.9AI score0.0115EPSS
CVE
CVE
added 2022/05/18 7:30 p.m.77 views

CVE-2021-38944

CVE-2021-38944 affects IBM DataPower Gateway versions listed in the IBM and NVD records where an improper validation of input in the HOST header enables HTTP header injection. The vulnerability arises from inadequate HOST header validation, enabling attackers to perform cross-site scripting, cach...

6.1CVSS6AI score0.00536EPSS
CVE
CVE
added 2022/11/22 6:52 p.m.74 views

CVE-2022-40228

CVE-2022-40228 affects IBM DataPower Gateway and is caused by not invalidating active sessions after a password change, which could allow an authenticated user to impersonate another user. Affected versions include 10.0.3.0–10.0.4.0, 10.0.1.0–10.0.1.9, 2018.4.1.0–2018.4.1.22, and 10.5.0.0–10.5.0....

5.4CVSS4.7AI score0.00315EPSS
CVE
CVE
added 2022/08/26 5:25 p.m.70 views

CVE-2022-31773

CVE-2022-31773 affects IBM DataPower Gateway V10CD, 10.0.1, and 2018.4.1, where a cross-site request forgery (CSRF) in the Web UI could let an attacker perform malicious, unauthorized actions on behalf of a trusted user. The root cause is CSRF in the web application that does not adequately valid...

8.8CVSS8.4AI score0.00359EPSS
CVE
CVE
added 2022/07/31 4:5 p.m.70 views

CVE-2022-31774

CVE-2022-31774 affects IBM DataPower Gateway. Vulnerable in Web UI where lack of data validation/filtering lets attackers embed arbitrary JavaScript, potentially disclosing credentials in a trusted session. Affected versions include 10.0.1.0–10.0.1.8, 10.0.2.0–10.0.4.0, 10.5.0.0, and 2018.4.1.0–2...

5.4CVSS5.2AI score0.00421EPSS
CVE
CVE
added 2022/07/31 4:7 p.m.67 views

CVE-2022-32750

CVE-2022-32750 affects IBM DataPower Gateway: versions 10.0.2.0–10.0.4.0, 10.0.1.0–10.0.1.8, 10.5.0.0, and 2018.4.1.0–2018.4.1.21 are vulnerable to cross-site scripting through the Web UI, allowing arbitrary JavaScript that could disclose credentials in a trusted session. Remediation: upgrade to ...

5.4CVSS5.2AI score0.00421EPSS
CVE
CVE
added 2021/03/08 6:0 p.m.65 views

CVE-2020-5014

CVE-2020-5014 – IBM DataPower Gateway : A local attacker with administrative privileges could achieve arbitrary code execution via a server-side request forgery (SSRF) that targets internal services (notably the built‑in Redis path). Affected products/versions: DataPower Gateway 10.0.0.0–10.0.1.1...

6.7CVSS6.7AI score0.00868EPSS
CVE
CVE
added 2019/12/09 10:30 p.m.62 views

CVE-2019-4621

IBM DataPower Gateway and IBM MQ Appliance are affected by CVE-2019-4621 due to a default administrator account that is enabled when the IPMI LAN channel is enabled. A remote attacker could gain unauthorised access to the BMC. Affected products and versions include IBM DataPower Gateway 7.6.0.0-7...

9.8CVSS9.1AI score0.01635EPSS
CVE
CVE
added 2020/03/19 1:40 p.m.59 views

CVE-2020-4203

CVE-2020-4203 affects IBM DataPower Gateway versions 2018.4.1.0 through 2018.4.1.8, where improper access controls could allow a privileged user to disclose highly sensitive information. IBM’s Security Bulletins (B32170FFF285450407F92413C0A07773ACE80E126493E67B73280F5B62066789) confirm affected p...

4.9CVSS4.8AI score0.01285EPSS
CVE
CVE
added 2020/03/19 1:40 p.m.59 views

CVE-2020-4205

The CVE-2020-4205 entry concerns IBM DataPower Gateway version 2018.4.1.0–2018.4.1.8 where an authenticated user could bypass security restrictions and continue to access the server after authentication certificates have been revoked. This is documented across IBM Security Bulletins and the IBM X...

6.5CVSS6.3AI score0.00528EPSS
CVE
CVE
added 2020/10/06 3:45 p.m.59 views

CVE-2020-4528

IBM MQ Appliance (IBM DataPower Gateway 10.0.0.0 and 2018.4.1.0–2018.4.1.12) is affected by CVE-2020-4528, a local information-disclosure vulnerability where a local user could obtain highly sensitive data from log files under specific conditions. The IBM bulletin lists affected products/versions...

5.9CVSS5AI score0.00286EPSS
CVE
CVE
added 2021/06/07 2:5 p.m.59 views

CVE-2020-5008

The CVE-2020-5008 issue affects IBM DataPower Gateway: affected versions include 10.0.0.0–10.0.1.0 and 2018.4.1.0–2018.4.1.14, where sensitive information is stored in GET request parameters, creating possible information disclosure if URLs are exposed in logs, referrers, or history. IBM’s remedi...

5.3CVSS4.9AI score0.00868EPSS
CVE
CVE
added 2015/11/14 2:0 a.m.58 views

CVE-2015-7427

IBM DataPower Gateway appliances are affected by CVE-2015-7427 due to missing Secure attribute on cookies when using HTTPS, allowing potential interception of cookies. Affected versions include 6.x up to 6.0.0.16/6.0.1.12, 7.x up to 7.0.0.9, 7.1.0.6, and 7.2.0.0. Remediation: upgrade to fixed rel...

5CVSS6.7AI score0.01196EPSS
CVE
CVE
added 2018/12/20 2:0 p.m.57 views

CVE-2018-1661

CVE-2018-1661 affects IBM DataPower Gateways (7.5, 7.5.1, 7.5.2, and 7.6). The issue is a cross-site request forgery (CSRF) vulnerability allowing an attacker to perform actions transmitted from a trusted user. IBM has issued a security bulletin for DataPower Gateway and IBM MQ Appliance with rem...

8.8CVSS8.4AI score0.00924EPSS
CVE
CVE
added 2018/12/13 4:0 p.m.57 views

CVE-2018-1667

CVE-2018-1667 affects IBM DataPower Gateway and IBM DataPower/WebSphere DataPower Appliances, where a cross-site scripting (XSS) flaw could allow embedding arbitrary JavaScript in the Web UI and potentially disclose credentials within a trusted session. The vulnerability is present in multiple Da...

5.4CVSS5.2AI score0.0066EPSS
CVE
CVE
added 2022/05/17 4:25 p.m.57 views

CVE-2020-4994

Summary of CVE-2020-4994 / IBM DataPower Gateway : Affects IBM DataPower Gateway 10.0.1.0–10.0.1.4 and 2018.4.1.0–2018.4.1.17. A remote attacker could cause a temporary denial of service by sending invalid HTTP requests. The issue is acknowledged by IBM (X-Force ID 192906) and remediated with fix...

7.5CVSS7.2AI score0.0139EPSS
CVE
CVE
added 2015/11/08 10:0 p.m.56 views

CVE-2015-7412

CVE-2015-7412 affects IBM DataPower Gateways GatewayScript modules (7.2.0.x) where decryption API or JWE decrypt action omits requiring signed ciphertext data. The underlying issue is padding-oracle vulnerability that could allow an attacker to decrypt ciphertext and obtain plaintext if configure...

2.6CVSS6.5AI score0.01014EPSS
CVE
CVE
added 2017/09/27 5:0 p.m.56 views

CVE-2017-1591

The CVE-2017-1591 issue is a cross-site scripting vulnerability in IBM WebSphere DataPower Appliances (7.0.0–7.6) and related IBM MQ Appliance/WebGUI components. The flaw allows embedding arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. R...

6.1CVSS5.8AI score0.00961EPSS
CVE
CVE
added 2019/02/07 4:0 p.m.55 views

CVE-2018-1666

CVE-2018-1666 affects IBM DataPower/DataPower Gateway UI message rendering. A authenticated user could inject arbitrary messages displayed in the UI. Affected products/versions include IBM DataPower Gateway 2018.4.1.0, 7.6.0.0–7.6.0.11, 7.5.2.0–7.5.2.18, 7.5.1.0–7.5.1.18, 7.5.0.0–7.5.0.19, and 7....

4.3CVSS4.4AI score0.00839EPSS
CVE
CVE
added 2019/08/20 6:25 p.m.55 views

CVE-2019-4294

CVE-2019-4294 affects IBM DataPower Gateway and IBM MQ Appliance. The root cause is a command-injection vulnerability in which a local attacker could execute arbitrary commands on the targeted system. Affected versions include IBM DataPower Gateway 2018.4.1.0–2018.4.1.6, 7.6.0.0–7.6.0.15, and IBM...

8.4CVSS7.9AI score0.00945EPSS
CVE
CVE
added 2020/09/21 2:55 p.m.55 views

CVE-2020-4581

CVE-2020-4581 affects IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12, enabling a remote attacker to cause a denial of service by sending a chunked transfer-encoding HTTP/2 request. IBM’s advisory confirms remediation in 2018.4.1.13 (APAR IT33517) for DataPower Gateway, with no workaround do...

7.5CVSS7.3AI score0.01602EPSS
CVE
CVE
added 2018/12/11 4:0 p.m.54 views

CVE-2018-1652

CVE-2018-1652 affects IBM DataPower Gateway and IBM MQ Appliance. A local user could cause a denial of service via unknown vectors on: DataPower Gateway versions 7.1.0.0–7.1.0.19, 7.2.0.0–7.2.0.16, 7.5.0.0–7.5.0.10, 7.5.1.0–7.5.1.9, 7.5.2.0–7.5.2.9, 7.6.0.0–7.6.0.2 and MQ Appliance 8.0.0.0–8.0.0....

6.2CVSS5.2AI score0.00372EPSS
CVE
CVE
added 2018/01/31 3:0 p.m.53 views

CVE-2017-1773

CVE-2017-1773 affects IBM DataPower Gateway: DNS spoofing via MITM in DataPower DNS queries. Affected versions include 7.1.0.0–7.1.0.20, 7.2.0.0–7.2.0.17, 7.5.0.0–7.5.0.11, 7.5.1.0–7.5.1.10, 7.5.2.0–7.5.2.10, and 7.6.0.0–7.6.0.3. Remediation is available in newer releases: 7.1.0.21, 7.2.0.18, 7.5...

4.3CVSS4.1AI score0.00331EPSS
CVE
CVE
added 2018/12/13 4:0 p.m.52 views

CVE-2018-1665

Affected product and scope: IBM DataPower Gateway and related appliances are listed with CVE-2018-1665, affecting multiple VMF/RMF versions of DataPower Gateway and IBM MQ Appliance as detailed in IBM security bulletins. Root cause / vulnerability type: Use of weaker-than-expected cryptographic a...

7.5CVSS7.2AI score0.00966EPSS
CVE
CVE
added 2019/01/29 4:0 p.m.52 views

CVE-2018-1668

CVE-2018-1668 affects IBM DataPower Gateway appliances (versions 7.5.0.0–7.5.0.19, 7.5.1.0–7.5.1.18, 7.5.2.0–7.5.2.18, 7.6.0.0–7.6.0.11) and IBM MQ Appliance in some postings, where the IPMI service could be left at a “null” login, enabling read access to IPMI data and disclosure of sensitive inf...

7.5CVSS6.9AI score0.01396EPSS
CVE
CVE
added 2020/09/21 2:55 p.m.51 views

CVE-2020-4579

IBM DataPower Gateway (versions 2018.4.1.0–2018.4.1.12) is affected by CVE-2020-4579, allowing remote denial of service via a specially crafted HTTP/2 request with invalid characters. The vendor's security bulletin confirms remediation: upgrade to 2018.4.1.13 (applies to IBM DataPower Gateway), w...

7.5CVSS7.3AI score0.0224EPSS
CVE
CVE
added 2021/03/12 4:40 p.m.50 views

CVE-2020-4831

CVE-2020-4831 affects IBM DataPower Gateway 10.0.0.0–10.0.1.0, where weaker than expected cryptographic algorithms could allow an attacker to decrypt highly sensitive information. Connected IBM advisories confirm the vulnerability in DataPower Gateway and provide remediation: upgrade to IBM DataP...

7.5CVSS7.2AI score0.00773EPSS
CVE
CVE
added 2018/09/25 4:0 p.m.49 views

CVE-2018-1664

This CVE affects IBM DataPower Gateway and IBM DataPower Gateway CD. The vulnerability is an information disclosure where echoing of AMP management interface authorization headers exposes login credentials in browser cache. Affected products/versions include IBM DataPower Gateway 7.1.0.0–7.1.0.23...

7.8CVSS7.3AI score0.00379EPSS
CVE
CVE
added 2018/09/25 4:0 p.m.49 views

CVE-2018-1669

CVE-2018-1669 affects IBM DataPower Gateway and DataPower Gateway CD, with XXE in XML processing. Affected: DataPower Gateway 7.1.0.0–7.1.0.23, 7.2.0.0–7.2.0.21, 7.5.0.0–7.5.0.16, 7.5.1.0–7.5.1.15, 7.5.2.0–7.5.2.15, 7.6.0.0–7.6.0.8 and CD 7.7.0.0–7.7.1.2. Impact: potential information disclosure ...

7.1CVSS6.8AI score0.01853EPSS
CVE
CVE
added 2020/09/21 2:55 p.m.49 views

CVE-2020-4580

CVE-2020-4580 affects IBM DataPower Gateway 2018.4.1.0–2018.4.1.12, where a remote attacker could cause a denial of service by sending a specially crafted JSON request with invalid characters. IBM’s security bulletin confirms the issue and lists the affected versions, with a fix available in 2018...

7.5CVSS7.3AI score0.01602EPSS
CVE
CVE
added 2021/08/17 1:55 p.m.49 views

CVE-2020-4992

IBM DataPower Gateway (2018.4.1.0–2018.4.1.16) is documented as vulnerable to cross-site request forgery (CSRF). The issue enables an attacker to perform malicious, unauthorized actions transmitted from a trusted user’s session. Affected versions are fixed in 2018.4.1.17, per IBM’s security bulle...

6.5CVSS6.4AI score0.004EPSS
CVE
CVE
added 2018/12/20 2:0 p.m.47 views

CVE-2018-1677

The CVE-2018-1677 issue affects IBM DataPower Gateways and IBM MQ Appliance, caused by improper handling of full file systems leading to a local denial of service. Affected DataPower Gateways versions include 7.1, 7.2, 7.5, 7.5.1, 7.5.2, 7.6, and 7.7; IBM MQ Appliance is also affected. IBM has is...

5.5CVSS5.3AI score0.00364EPSS
CVE
CVE
added 2018/04/04 6:0 p.m.45 views

CVE-2018-1421

CVE-2018-1421 affects IBM DataPower Gateways (7.1.0.0–7.1.0.21, 7.2.0.0–7.2.0.18, 7.5.0.0–7.5.0.13, 7.5.1.0–7.5.1.12, 7.5.2.0–7.5.2.12, 7.6.0.0–7.6.0.5). The issue is a XML External Entity (XXE) injection when processing XML data, allowing a remote attacker to expose sensitive information or cons...

7.1CVSS6.8AI score0.01394EPSS
CVE
CVE
added 2018/12/07 4:0 p.m.45 views

CVE-2018-1663

CVE-2018-1663 affects IBM DataPower Gateways (versions 7.5.x, 7.6, and 2018.4). Root cause: failure to properly enable HTTP Strict Transport Security, enabling potential information disclosure via man-in-the-middle. Impact: remote attacker could obtain sensitive information. Remediation / fixes c...

5.9CVSS5.4AI score0.02281EPSS
CVE
CVE
added 2026/04/01 8:47 p.m.21 views

CVE-2025-36373

IBM DataPower Gateway contains an information-disclosure vulnerability (CVE-2025-36373) where sensitive system information from other domains can be disclosed to an administrative user. Affected are IBM DataPower Gateway 10.6CD (10.6.1.0–10.6.5.0), 10.5.0 series (10.5.0.0–10.5.0.20), and 10.6.0 s...

6.8CVSS5.8AI score0.00252EPSS
CVE
CVE
added 2026/04/01 10:50 p.m.11 views

CVE-2025-36375

CVE-2025-36375 affects IBM DataPower Gateway with a CSRF vulnerability. Affected versions include: 10.6CD 10.6.1.0–10.6.5.0 , 10.5.0 10.5.0.0–10.5.0.20 , and 10.6.0 10.6.0.0–10.6.0.8 . Root cause: failure to properly validate the source of a request, enabling an attacker to induce a user to perfo...

8.8CVSS5.9AI score0.00167EPSS