Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
IbmWebsphere Datapower Xc10 Appliance Firmware2.5.0.0

10 matches found

cve
cveadded 2014/12/11 4:59 p.m.42 views

CVE-2014-3058

Cross-site request forgery (CSRF) vulnerability on the IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

6CVSS6.3AI score0.00101EPSS
cve
cveadded 2015/08/03 7:59 p.m.40 views

CVE-2015-1970

The IBM WebSphere DataPower XC10 appliance 2.1 through 2.1.0.3 and 2.5 through 2.5.0.4 retains data on SSD cards, which might allow physically proximate attackers to obtain sensitive information by extracting a card and attaching it elsewhere.

2.1CVSS6AI score0.00057EPSS
cve
cveadded 2014/12/11 4:59 p.m.39 views

CVE-2014-6143

The IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows local users to obtain sensitive information by reading a response.

2.1CVSS5.7AI score0.00054EPSS
cve
cveadded 2014/12/11 4:59 p.m.36 views

CVE-2014-6163

Cross-site scripting (XSS) vulnerability on the IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

3.5CVSS5.2AI score0.00188EPSS
cve
cveadded 2014/12/12 11:59 a.m.35 views

CVE-2014-6138

The IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows remote authenticated users to bypass intended grid-data access restrictions via unspecified vectors.

4CVSS6.2AI score0.00159EPSS
cve
cveadded 2013/09/27 8:55 p.m.32 views

CVE-2013-5403

Unspecified vulnerability on the IBM WebSphere DataPower XC10 appliance 2.0 through 2.5.0.1 allows remote attackers to obtain administrative access via unknown vectors.

10CVSS6.6AI score0.01888EPSS
cve
cveadded 2014/10/02 12:55 a.m.32 views

CVE-2014-3060

Unspecified vulnerability on the IBM WebSphere DataPower XC10 appliance 2.5 allows remote attackers to obtain administrative privileges by leveraging access to an eXtreme Scale distributed ObjectGrid network and capturing a session cookie.

10CVSS6.7AI score0.02405EPSS
cve
cveadded 2014/10/02 12:55 a.m.31 views

CVE-2014-3059

Unspecified vulnerability in the Administrative Console on the IBM WebSphere DataPower XC10 appliance 2.5 allows remote attackers to obtain administrative privileges by leveraging access to an eXtreme Scale distributed ObjectGrid network.

10CVSS6.6AI score0.02405EPSS
cve
cveadded 2013/10/22 11:17 a.m.30 views

CVE-2013-5428

IBM WebSphere DataPower XC10 appliances 2.5.0 do not require authentication for all administrative actions, which allows remote attackers to cause a denial of service via unspecified vectors.

7.1CVSS7AI score0.00603EPSS
cve
cveadded 2013/10/22 11:17 a.m.27 views

CVE-2013-5446

The console on IBM WebSphere DataPower XC10 appliances 2.1.0 and 2.5.0 does not properly process logoff actions, which has unspecified impact and remote attack vectors.

10CVSS6.7AI score0.00469EPSS