IBM DataPower Gateway 10.0.2.0

CPE Details

IBM DataPower Gateway 10.0.2.0
ibm
datapower_gateway
10.0.2.0
2022-03-14
14h11 +00:00
2022-03-14
14h13 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:ibm:datapower_gateway:10.0.2.0:*:*:*:*:*:*:*

Informations

Vendor

ibm

Product

datapower_gateway

Version

10.0.2.0

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-22326 2022-07-31 16h05 +00:00 IBM Datapower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.5, and 2018.4.1.0 through 2018.4.1.18 could allow unauthorized viewing of logs and files due to insufficient authorization checks. IBM X-Force ID: 218856.
3.3
Low
CVE-2021-38944 2022-05-18 19h30 +00:00 IBM DataPower Gateway 10.0.2.0 through 1.0.3.0, 10.0.1.0 through 10.0.1.5, and 2018.4.1.0 through 2018.4.1.18 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 211236.
6.1
Medium
CVE-2021-38872 2022-05-17 16h25 +00:00 IBM DataPower Gateway 10.0.2.0, 10.0.3.0, 10.0.1.0 through 10.0.1.4, and 2018.4.1.0 through 2018.4.1.17 could allow a remote user to cause a denial of service by consuming resources with multiple requests. IBM X-Force ID: 208348.
7.5
High
CVE-2021-38910 2022-03-10 19h50 +00:00 IBM DataPower Gateway V10CD, 10.0.1, and 2108.4.1 could allow a remote attacker to bypass security restrictions, caused by the improper validation of input. By sending a specially crafted JSON message, an attacker could exploit this vulnerability to modify structure and fields. IBM X-Force ID: 209824.
5.3
Medium