Websphere Datapower Xc10 Appliance Security Vulnerabilities and Issues — Websphere Datapower Xc10 Appliance CVE List

Lucene search

IbmWebsphere Datapower Xc10 Appliance

9 matches found

CVE•added 2013/05/28 4:55 p.m.•60 views

CVE-2013-0499

Cross-site scripting (XSS) vulnerability in the echo functionality on IBM WebSphere DataPower SOA appliances with firmware 3.8.2, 4.0, 4.0.1, 4.0.2, and 5.0.0 allows remote attackers to inject arbitrary web script or HTML via a SOAP message, as demonstrated by the XML Firewall, Multi Protocol Gatew...

4.3CVSS5.8AI score0.00256EPSS

CVE•added 2012/11/23 12:9 p.m.•50 views

CVE-2012-5756

The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2, when a collective configuration is enabled, has a single secret key that is shared across different customers' installations, which allows remote attackers to spoof a container server by (1) sniffing the...

4.3CVSS6.7AI score0.00463EPSS

CVE•added 2013/05/09 12:31 p.m.•40 views

CVE-2013-0600

Unspecified vulnerability on IBM WebSphere DataPower XC10 Appliance devices 2.0 and 2.1 through 2.1 FP3 allows remote attackers to bypass authentication and perform administrative actions via unknown vectors.

9.3CVSS7.1AI score0.00375EPSS

CVE•added 2012/11/23 12:9 p.m.•32 views

CVE-2012-5759

The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2 allows remote authenticated users to bypass intended administrative-role requirements and perform arbitrary JMX operations via unspecified vectors.

9CVSS6.3AI score0.00776EPSS

CVE•added 2014/10/02 12:55 a.m.•32 views

CVE-2014-3060

Unspecified vulnerability on the IBM WebSphere DataPower XC10 appliance 2.5 allows remote attackers to obtain administrative privileges by leveraging access to an eXtreme Scale distributed ObjectGrid network and capturing a session cookie.

10CVSS6.7AI score0.02405EPSS

CVE•added 2012/11/23 12:9 p.m.•31 views

CVE-2012-5758

The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2 does not require authentication for an unspecified interface, which allows remote attackers to cause a denial of service (process exit) via unknown vectors.

7.8CVSS6.9AI score0.03043EPSS

CVE•added 2014/10/02 12:55 a.m.•31 views

CVE-2014-3059

Unspecified vulnerability in the Administrative Console on the IBM WebSphere DataPower XC10 appliance 2.5 allows remote attackers to obtain administrative privileges by leveraging access to an eXtreme Scale distributed ObjectGrid network.

10CVSS6.6AI score0.02405EPSS

CVE•added 2013/10/22 11:17 a.m.•30 views

CVE-2013-5428

IBM WebSphere DataPower XC10 appliances 2.5.0 do not require authentication for all administrative actions, which allows remote attackers to cause a denial of service via unspecified vectors.

7.1CVSS7AI score0.00603EPSS

CVE•added 2013/10/22 11:17 a.m.•27 views

CVE-2013-5446

The console on IBM WebSphere DataPower XC10 appliances 2.1.0 and 2.5.0 does not properly process logoff actions, which has unspecified impact and remote attack vectors.

10CVSS6.7AI score0.00469EPSS