Datapower Gateway@* Security Vulnerabilities and Issues — Datapower Gateway@* CVE List

Lucene search

IbmDatapower Gateway*

4 matches found

CVE•added 2021/03/08 6:15 p.m.•48 views

CVE-2020-5014

IBM DataPower Gateway V10 and V2018 could allow a local attacker with administrative privileges to execute arbitrary code on the system using a server-side requesr forgery attack. IBM X-Force ID: 193247.

6.7CVSS6.7AI score0.01253EPSS

CVE•added 2021/06/07 2:15 p.m.•45 views

CVE-2020-5008

IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.14 stores sensitive information in GET request parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 193...

5.3CVSS4.9AI score0.00147EPSS

CVE•added 2021/08/17 2:15 p.m.•38 views

CVE-2020-4992

IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.16 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 192737.

6.5CVSS6.4AI score0.00103EPSS

CVE•added 2021/03/12 5:15 p.m.•37 views

CVE-2020-4831

IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 189965.

7.5CVSS7.2AI score0.00112EPSS