Datapower Gateway Security Vulnerabilities and Issues — Datapower Gateway CVE List

Lucene search

IbmDatapower Gateway

11 matches found

CVE•added 2022/05/17 5:15 p.m.•70 views

CVE-2021-38872

IBM DataPower Gateway 10.0.2.0, 10.0.3.0, 10.0.1.0 through 10.0.1.4, and 2018.4.1.0 through 2018.4.1.17 could allow a remote user to cause a denial of service by consuming resources with multiple requests. IBM X-Force ID: 208348.

7.5CVSS7.2AI score0.00334EPSS

CVE•added 2022/05/17 5:15 p.m.•45 views

CVE-2020-4994

IBM DataPower Gateway 10.0.1.0 through 10.0.1.4 and 2018.4.1.0 through 2018.4.1.17 could allow a remote user to cause a temporary denial of service by sending invalid HTTP requests. IBM X-Force ID: 192906.

7.5CVSS7.2AI score0.00426EPSS

CVE•added 2019/01/29 4:29 p.m.•40 views

CVE-2018-1668

IBM DataPower Gateway 7.5.0.0 through 7.5.0.19, 7.5.1.0 through 7.5.1.18, 7.5.2.0 through 7.5.2.18, and 7.6.0.0 through 7.6.0.11 appliances allows "null" logins which could give read access to IPMI data to obtain sensitive information. IBM X-Force ID: 144894.

7.5CVSS6.9AI score0.00154EPSS

CVE•added 2020/09/21 3:15 p.m.•40 views

CVE-2020-4581

IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a chunked transfer-encoding HTTP/2 request. IBM X-Force ID: 184441.

7.5CVSS7.3AI score0.00729EPSS

CVE•added 2018/12/13 4:29 p.m.•38 views

CVE-2018-1665

IBM DataPower Gateway 7.6.0.0 through 7.6.0.10, 7.5.2.0 through 7.5.2.17, 7.5.1.0 through 7.5.1.17, 7.5.0.0 through 7.5.0.18, and 7.7.0.0 through 7.7.1.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 144891.

7.5CVSS7.2AI score0.00096EPSS

CVE•added 2018/09/25 4:0 p.m.•37 views

CVE-2018-1664

IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 echoing of AMP management interface authorization headers exposes login credentials in browser cache....

7.8CVSS7.3AI score0.00043EPSS

CVE•added 2020/09/21 3:15 p.m.•37 views

CVE-2020-4579

IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a specially crafted HTTP/2 request with invalid characters. IBM X-Force ID: 184438.

7.5CVSS7.3AI score0.01612EPSS

CVE•added 2021/03/12 5:15 p.m.•37 views

CVE-2020-4831

IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 189965.

7.5CVSS7.2AI score0.00112EPSS

CVE•added 2018/09/25 4:0 p.m.•34 views

CVE-2018-1669

IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote att...

7.1CVSS6.8AI score0.00403EPSS

CVE•added 2020/09/21 3:15 p.m.•33 views

CVE-2020-4580

IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a specially crafted a JSON request with invalid characters. IBM X-Force ID: 184439.

7.5CVSS7.3AI score0.00729EPSS

CVE•added 2018/04/04 6:29 p.m.•32 views

CVE-2018-1421

IBM WebSphere DataPower Appliances 7.1, 7.2, 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 139023.

7.1CVSS6.8AI score0.00323EPSS