Websphere Datapower Xc10 Appliance Firmware@2.5.0.0 Security Vulnerabilities and Issues — Websphere Datapower Xc10 Appliance Firmware@2.5.0.0 CVE List

Lucene search

IbmWebsphere Datapower Xc10 Appliance Firmware2.5.0.0

6 matches found

CVE•added 2014/12/11 4:59 p.m.•42 views

CVE-2014-3058

Cross-site request forgery (CSRF) vulnerability on the IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

6CVSS6.3AI score0.00101EPSS

CVE•added 2014/12/11 4:59 p.m.•39 views

CVE-2014-6143

The IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows local users to obtain sensitive information by reading a response.

2.1CVSS5.7AI score0.00054EPSS

CVE•added 2014/12/11 4:59 p.m.•36 views

CVE-2014-6163

Cross-site scripting (XSS) vulnerability on the IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

3.5CVSS5.2AI score0.00188EPSS

CVE•added 2014/12/12 11:59 a.m.•35 views

CVE-2014-6138

The IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows remote authenticated users to bypass intended grid-data access restrictions via unspecified vectors.

4CVSS6.2AI score0.00159EPSS

CVE•added 2014/10/02 12:55 a.m.•32 views

CVE-2014-3060

Unspecified vulnerability on the IBM WebSphere DataPower XC10 appliance 2.5 allows remote attackers to obtain administrative privileges by leveraging access to an eXtreme Scale distributed ObjectGrid network and capturing a session cookie.

10CVSS6.7AI score0.02405EPSS

CVE•added 2014/10/02 12:55 a.m.•31 views

CVE-2014-3059

Unspecified vulnerability in the Administrative Console on the IBM WebSphere DataPower XC10 appliance 2.5 allows remote attackers to obtain administrative privileges by leveraging access to an eXtreme Scale distributed ObjectGrid network.

10CVSS6.6AI score0.02405EPSS