CPE Details
IBM DataPower Gateway 10.0.3.0
10.0.3.0
2022-03-14
14h11 +00:00
14h11 +00:00
2022-03-14
14h13 +00:00
14h13 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
CPE Name: cpe:2.3:a:ibm:datapower_gateway:10.0.3.0:*:*:*:*:*:*:*
Informations
Vendor
ibmProduct
datapower_gatewayVersion
10.0.3.0Related CVE
| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| IBM DataPower Gateway 10.0.3.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.9, 2018.4.1.0 through 2018.4.1.22, and 10.5.0.0 through 10.5.0.2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 235527. | 5.4 |
Medium |
||
| IBM Datapower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.5, and 2018.4.1.0 through 2018.4.1.18 could allow unauthorized viewing of logs and files due to insufficient authorization checks. IBM X-Force ID: 218856. | 3.3 |
Low |
||
| IBM DataPower Gateway 10.0.2.0 through 1.0.3.0, 10.0.1.0 through 10.0.1.5, and 2018.4.1.0 through 2018.4.1.18 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 211236. | 6.1 |
Medium |
||
| IBM DataPower Gateway 10.0.2.0, 10.0.3.0, 10.0.1.0 through 10.0.1.4, and 2018.4.1.0 through 2018.4.1.17 could allow a remote user to cause a denial of service by consuming resources with multiple requests. IBM X-Force ID: 208348. | 7.5 |
High |
||
| IBM DataPower Gateway V10CD, 10.0.1, and 2108.4.1 could allow a remote attacker to bypass security restrictions, caused by the improper validation of input. By sending a specially crafted JSON message, an attacker could exploit this vulnerability to modify structure and fields. IBM X-Force ID: 209824. | 5.3 |
Medium |
2025©
tesweb SA
